package eu.dnetlib.organizations;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import eu.dnetlib.organizations.controller.UserRole;
import eu.dnetlib.organizations.model.User;
import eu.dnetlib.organizations.repository.UserRepository;
/**
 * Spring Security configuration for the organizations application.
 *
 * <p>Login goes through OAuth2 / OpenID Connect. After the identity provider has returned the
 * user, the authorities of the session are rebuilt from the role found through
 * {@link UserRepository}; an account that is not found there gets the {@link UserRole#PENDING}
 * role.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserRepository userRepository;

    // Injected from the "openaire.api.valid.subnet" property. Nothing in this class reads it.
    // NOTE(review): presumably intended for an IP-based restriction on an API path - confirm
    // whether that rule still has to be declared in configure().
    @Value("${openaire.api.valid.subnet}")
    private String openaireApiValidSubnet;

    /**
     * Enables the OAuth2 login flow and plugs in the custom OIDC user service.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        // NOTE(review): only the login flow is configured; this method declares no URL access
        // rules (no authorizeRequests()). Confirm that every protected endpoint is covered
        // elsewhere, e.g. by method-level annotations.
        http.oauth2Login(login -> login
                .userInfoEndpoint(endpoint -> endpoint.oidcUserService(this.oidcUserService())));
    }

    /**
     * Builds the user service used during OIDC login. It delegates to the standard
     * {@link OidcUserService} and then returns a user that carries exactly one authority,
     * {@code ROLE_OPENORGS_<role>}; the authorities of the user returned by the delegate are
     * not copied.
     *
     * @return the user service to register on the user-info endpoint
     */
    private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
        final OidcUserService standardService = new OidcUserService();

        return request -> {
            final OidcUser loaded = standardService.loadUser(request);

            // NOTE(review): the e-mail claim is the only key used to pick the role. Confirm that
            // the provider always releases this claim (getEmail() may be null otherwise) and that
            // it is a verified address, or check the email_verified claim before the lookup.
            final Set<GrantedAuthority> authorities = new HashSet<>();
            authorities.add(new SimpleGrantedAuthority("ROLE_OPENORGS_" + roleOf(loaded.getEmail())));

            return new DefaultOidcUser(authorities, loaded.getIdToken(), loaded.getUserInfo());
        };
    }

    /**
     * Returns the role stored for the given e-mail, or the PENDING role when the repository has
     * no user with that id.
     */
    private String roleOf(final String email) {
        final Optional<User> registered = userRepository.findById(email);
        if (registered.isPresent()) {
            return registered.get().getRole();
        }
        return UserRole.PENDING.toString();
    }

    // References collected while working on the OpenID Connect integration:
    // https://www.baeldung.com/spring-security-openid-connect

    // https://github.com/mitreid-connect/
    // https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/tree/master/openid-connect-client
    // https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Client-configuration

    // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-login-core/trunk/
    // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-user-management/trunk/
    // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-openaire-users/trunk/
    // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-login/trunk/

    // Open a ticket with GRNET, with Argiro and Katerina as watchers

}