public AccessTokenVerifierWithCaching(IAccessTokenVerifier accessTokenVerifier,
IAccessTokenCache accessTokenCache, int cacheEntryExpirationTime)
{
_accessTokenVerifier = accessTokenVerifier;
_accessTokenCache = accessTokenCache;
_cacheEntryExpirationTime = cacheEntryExpirationTime;
}
public IncomingGrainCallAuthorizationFilter(IAccessTokenVerifier accessTokenVerifier,
// ReSharper disable once SuggestBaseTypeForParameter
IAuthorizationExecutor authorizeHandler, ILogger <IncomingGrainCallAuthorizationFilter> logger)
: base(accessTokenVerifier, authorizeHandler)
{
Logger = logger;
}
public AccessTokenVerifierWithTracing(bool isCachingEnabled,
IAccessTokenVerifier accessTokenVerifier,
ILogger <IAccessTokenVerifier> logger)
{
_logger = logger;
_isCachingEnabled = isCachingEnabled;
_accessTokenVerifier = accessTokenVerifier;
}
public OutgoingGrainCallAuthorizationFilter(IAccessTokenProvider accessTokenProvider,
IAccessTokenVerifier accessTokenVerifier,
IdentityServer4Info identityServer4Info, IAuthorizationExecutor authorizeHandler,
ILoggerFactory loggerFactory) : base(accessTokenVerifier, authorizeHandler)
{
_accessTokenProvider = accessTokenProvider;
_identityServer4Info = identityServer4Info;
Logger = loggerFactory.CreateLogger <OutgoingGrainCallAuthorizationFilter>();
}
protected GrainAuthorizationFilterBase(IAccessTokenVerifier accessTokenVerifier,
IAuthorizationExecutor authorizeHandler)
{
_authorizeHandler = authorizeHandler;
_accessTokenVerifier = accessTokenVerifier;
}
internal static void AddOrleansClusterSecurityServices(this IServiceCollection services,
Action <Configuration> configure,
Action <IServiceCollection> configureServices = null)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
var configuration = new Configuration();
configure.Invoke(configuration);
services.AddAuthorization(configuration.ConfigureAuthorizationOptions);
services.TryAdd(ServiceDescriptor.Singleton <IAuthorizationExecutor, AuthorizationExecutor>());
configureServices?.Invoke(services);
// Access Token verification section.
var accessTokenVerifierOptions = new AccessTokenVerifierOptions();
configuration.ConfigureAccessTokenVerifierOptions?.Invoke(accessTokenVerifierOptions);
services.Add(ServiceDescriptor.Singleton(accessTokenVerifierOptions));
services.TryAddSingleton <DefaultAccessTokenVerifier>();
services.AddScoped <IAccessTokenIntrospectionService, AccessTokenIntrospectionServiceDefault>();
//TODO: Maybe there is a better solution to split configuration for testing purposes.
// If the environment is not in testing mode.
if (configureServices == null)
{
services.Add(
ServiceDescriptor.Describe(typeof(AccessTokenVerifierWithCaching), serviceProvider =>
{
var defaultAccessTokenVerifier = serviceProvider.GetService <DefaultAccessTokenVerifier>();
var accessTokenCache = serviceProvider.GetService <IAccessTokenCache>();
return(new AccessTokenVerifierWithCaching(defaultAccessTokenVerifier,
accessTokenCache, accessTokenVerifierOptions.CacheEntryExpirationTime));
}, ServiceLifetime.Singleton));
services.Add(ServiceDescriptor.Describe(typeof(IAccessTokenVerifier), serviceProvider =>
{
IAccessTokenVerifier service = serviceProvider.GetService <DefaultAccessTokenVerifier>();
var isCacheEnabled = accessTokenVerifierOptions.InMemoryCacheEnabled;
if (isCacheEnabled)
{
service = serviceProvider.GetService <AccessTokenVerifierWithCaching>();
}
if (!configuration.TracingEnabled)
{
return(service);
}
var logger = serviceProvider.GetRequiredService <ILogger <IAccessTokenVerifier> >();
return(new AccessTokenVerifierWithTracing(isCacheEnabled, service, logger));
}
, ServiceLifetime.Singleton));
}
services.AddHttpClient("IdS4").ConfigureHttpMessageHandlerBuilder(builder =>
{
var httpClientHandler = new HttpClientHandler();
builder.PrimaryHandler = httpClientHandler;
if (accessTokenVerifierOptions.DisableCertificateValidation)
{
httpClientHandler.ServerCertificateCustomValidationCallback +=
(sender, certificate, chain, sslPolicyErrors) =>
{
if (sslPolicyErrors != System.Net.Security.SslPolicyErrors.None)
{
}
return(true);
};
}
});
var memoryCacheOptions = new MemoryCacheOptions();
services.AddSingleton <IAccessTokenCache>(serviceProvider => new AccessTokenCache(memoryCacheOptions));
services.AddSingleton(provider => new
IdS4DiscoveryDocumentProvider(provider.GetRequiredService <IHttpClientFactory>(),
provider.GetRequiredService <IdentityServer4Info>().DiscoveryEndpointUrl));
}
public IncomingGrainCallAuthorizationFilter(IAccessTokenVerifier accessTokenVerifier,
IAuthorizationExecutor authorizeHandler, ILoggerFactory loggerFactory)
: base(accessTokenVerifier, authorizeHandler)
{
Logger = loggerFactory.CreateLogger <IncomingGrainCallAuthorizationFilter>();
}
