dnet-applications/apps/dnet-orgs-database-application/src/main/java/eu/dnetlib/organizations/WebSecurityConfig.java

package eu.dnetlib.organizations;

import java.util.HashSet;
import java.util.Optional;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

import eu.dnetlib.organizations.controller.UserRole;
import eu.dnetlib.organizations.model.User;
import eu.dnetlib.organizations.repository.UserRepository;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private UserRepository userRepository;

	@Value("${openaire.api.valid.subnet}")
	private String openaireApiValidSubnet;

	@Override
	protected void configure(final HttpSecurity http) throws Exception {

		http.oauth2Login(oauth2 -> oauth2
			.userInfoEndpoint(userInfo -> userInfo.oidcUserService(this.oidcUserService())));
	}

	private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
		final OidcUserService delegate = new OidcUserService();

		return (userRequest) -> {
			final OidcUser oidcUser = delegate.loadUser(userRequest);

			final Optional<User> user = userRepository.findById(oidcUser.getEmail());
			final String role = user.isPresent() ? user.get().getRole() : UserRole.PENDING.toString();

			final Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
			mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_OPENORGS_" + role));

			return new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo());
		};
	}

	// https://www.baeldung.com/spring-security-openid-connect

	// https://github.com/mitreid-connect/
	// https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/tree/master/openid-connect-client
	// https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Client-configuration

	// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-login-core/trunk/
	// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-user-management/trunk/
	// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-openaire-users/trunk/
	// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-login/trunk/

	// Aprire Ticket a GRNET con Argiro e Katerina come watchers

}
added dnet-orgs-database-application 2020-07-03 12:09:22 +02:00			`package eu.dnetlib.organizations;`

role remapping 2020-11-04 12:18:25 +01:00			`import java.util.HashSet;`
			`import java.util.Optional;`
			`import java.util.Set;`

			`import org.springframework.beans.factory.annotation.Autowired;`
restricted access for simrels api 2020-09-29 11:34:31 +02:00			`import org.springframework.beans.factory.annotation.Value;`
added dnet-orgs-database-application 2020-07-03 12:09:22 +02:00			`import org.springframework.context.annotation.Configuration;`
			`import org.springframework.security.config.annotation.web.builders.HttpSecurity;`
			`import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;`
			`import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;`
role remapping 2020-11-04 12:18:25 +01:00			`import org.springframework.security.core.GrantedAuthority;`
			`import org.springframework.security.core.authority.SimpleGrantedAuthority;`
			`import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;`
			`import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;`
			`import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;`
			`import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;`
			`import org.springframework.security.oauth2.core.oidc.user.OidcUser;`

			`import eu.dnetlib.organizations.controller.UserRole;`
			`import eu.dnetlib.organizations.model.User;`
			`import eu.dnetlib.organizations.repository.UserRepository;`
added dnet-orgs-database-application 2020-07-03 12:09:22 +02:00
			`@Configuration`
			`@EnableWebSecurity`
			`public class WebSecurityConfig extends WebSecurityConfigurerAdapter {`

role remapping 2020-11-04 12:18:25 +01:00			`@Autowired`
			`private UserRepository userRepository;`
added dnet-orgs-database-application 2020-07-03 12:09:22 +02:00
restricted access for simrels api 2020-09-29 11:34:31 +02:00			`@Value("${openaire.api.valid.subnet}")`
			`private String openaireApiValidSubnet;`

added dnet-orgs-database-application 2020-07-03 12:09:22 +02:00			`@Override`
			`protected void configure(final HttpSecurity http) throws Exception {`

role remapping 2020-11-04 12:18:25 +01:00			`http.oauth2Login(oauth2 -> oauth2`
			`.userInfoEndpoint(userInfo -> userInfo.oidcUserService(this.oidcUserService())));`
added dnet-orgs-database-application 2020-07-03 12:09:22 +02:00			`}`

role remapping 2020-11-04 12:18:25 +01:00			`private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {`
			`final OidcUserService delegate = new OidcUserService();`

			`return (userRequest) -> {`
			`final OidcUser oidcUser = delegate.loadUser(userRequest);`

			`final Optional<User> user = userRepository.findById(oidcUser.getEmail());`
			`final String role = user.isPresent() ? user.get().getRole() : UserRole.PENDING.toString();`

			`final Set<GrantedAuthority> mappedAuthorities = new HashSet<>();`
			`mappedAuthorities.add(new SimpleGrantedAuthority("ROLE_OPENORGS_" + role));`

			`return new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo());`
			`};`
			`}`
oauth2 first steps 2020-11-04 10:30:29 +01:00
			`// https://www.baeldung.com/spring-security-openid-connect`

			`// https://github.com/mitreid-connect/`
			`// https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/tree/master/openid-connect-client`
			`// https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Client-configuration`

			`// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-login-core/trunk/`
			`// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-user-management/trunk/`
			`// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-openaire-users/trunk/`
			`// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-login/trunk/`

			`// Aprire Ticket a GRNET con Argiro e Katerina come watchers`
added dnet-orgs-database-application 2020-07-03 12:09:22 +02:00
			`}`