authentication details

Michele Artini 2022-09-22 13:53:21 +02:00
parent a4a4586127
commit 02b74616b2
3 changed files with 29 additions and 24 deletions


@ -50,7 +50,7 @@ public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${openaire.override.logout.url}") @Value("${openaire.override.logout.url}")
private String openaireLogoutUrl; private String openaireLogoutUrl;
private static Logger logger = LoggerFactory.getLogger(OAuth2WebSecurityConfig.class); private static Logger log = LoggerFactory.getLogger(OAuth2WebSecurityConfig.class);
@Override @Override
protected void configure(final HttpSecurity http) throws Exception { protected void configure(final HttpSecurity http) throws Exception {
@ -86,7 +86,7 @@ public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter {
return (req, res, e) -> { return (req, res, e) -> {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null) { if (authentication != null) {
logger.warn(String log.warn(String
.format("User '%s' (%s) attempted to access the protected URL: %s", UserInfo.getEmail(authentication), req .format("User '%s' (%s) attempted to access the protected URL: %s", UserInfo.getEmail(authentication), req
.getRemoteAddr(), req.getRequestURI())); .getRemoteAddr(), req.getRequestURI()));
} }
@ -108,10 +108,10 @@ public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter {
handler.setPostLogoutRedirectUri("{baseUrl}"); handler.setPostLogoutRedirectUri("{baseUrl}");
handler.setRedirectStrategy((req, res, url) -> { handler.setRedirectStrategy((req, res, url) -> {
if (StringUtils.isNotBlank(openaireLogoutUrl)) { if (StringUtils.isNotBlank(openaireLogoutUrl)) {
logger.info("Performing remote logout: " + openaireLogoutUrl); log.info("Performing remote logout: " + openaireLogoutUrl);
res.sendRedirect(openaireLogoutUrl); res.sendRedirect(openaireLogoutUrl);
} else { } else {
logger.info("Performing remote logout: " + url); log.info("Performing remote logout: " + url);
res.sendRedirect(url); res.sendRedirect(url);
} }
}); });
@ -125,10 +125,15 @@ public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter {
return (userRequest) -> { return (userRequest) -> {
final OidcUser oidcUser = delegate.loadUser(userRequest); final OidcUser oidcUser = delegate.loadUser(userRequest);
final Optional<User> user = databaseUtils.findUser(oidcUser.getEmail()); log.debug("User attributes:");
oidcUser.getAttributes().forEach((k, v) -> {
log.debug(" - " + k + ": " + v);
});
final Optional<User> user = databaseUtils.findUser(UserInfo.getEmail(oidcUser));
if (user.isPresent()) { if (user.isPresent()) {
databaseUtils.updateUserDetails(oidcUser.getEmail(), oidcUser.getFullName(), oidcUser.getAttribute("organization")); databaseUtils.updateUserDetails(UserInfo.getEmail(oidcUser), UserInfo.getFullname(oidcUser), UserInfo.getOrganization(oidcUser));
} }
final String role = "ROLE_" + OpenOrgsConstants.OPENORGS_ROLE_PREFIX + user final String role = "ROLE_" + OpenOrgsConstants.OPENORGS_ROLE_PREFIX + user
@ -143,17 +148,4 @@ public class OAuth2WebSecurityConfig extends WebSecurityConfigurerAdapter {
}; };
} }
// https://www.baeldung.com/spring-security-openid-connect
// https://github.com/mitreid-connect/
// https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/tree/master/openid-connect-client
// https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Client-configuration
// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-login-core/trunk/
// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-user-management/trunk/
// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-openaire-users/trunk/
// https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-login/trunk/
// Aprire Ticket a GRNET con Argiro e Katerina come watchers
} }
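Review bot: The added `oidcUser.getAttributes().forEach(...)` loop in the user-service lambda writes every claim returned by the identity provider to the log, so turning on debug logging persists personal data (email, name, organization and anything else the provider sends) in log files. The values are concatenated unescaped, so a claim containing line breaks could also forge log lines. Logging only the claim names keeps the diagnostic value, e.g. `log.debug("User attributes: {}", oidcUser.getAttributes().keySet());`, assuming `log` is an SLF4J logger, which the imports outside this hunk would confirm. The enclosing method starts before the hunk and the role computation continues past it.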


@ -72,12 +72,12 @@ public class HomeController extends AbstractDnetController {
@ModelAttribute("fullname") @ModelAttribute("fullname")
public String getUserFullname(final Authentication authentication) { public String getUserFullname(final Authentication authentication) {
return authentication != null ? UserInfo.getFullname(authentication) : null; return authentication != null ? UserInfo.getFullname(authentication) : "unknown";
} }
@ModelAttribute("organization") @ModelAttribute("organization")
public String getUserOrganization(final Authentication authentication) { public String getUserOrganization(final Authentication authentication) {
return authentication != null ? UserInfo.getOrganization(authentication) : null; return authentication != null ? UserInfo.getOrganization(authentication) : "unknown";
} }
@ModelAttribute("sysconf") @ModelAttribute("sysconf")
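Review bot: Returning the literal `"unknown"` from `getUserFullname` and `getUserOrganization` when `authentication` is null makes an anonymous request indistinguishable from an authenticated user whose claim is missing, because `UserInfo` uses the same fallback string. Any view that tested these model attributes for null to decide whether someone is logged in would now see a non-empty value; the templates are not visible here, so this needs checking. If the placeholder stays, a shared constant and a comment such as `// placeholder shown when no user is authenticated` would make the intent explicit.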


@ -5,6 +5,7 @@ import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
public class UserInfo { public class UserInfo {
@ -90,17 +91,29 @@ public class UserInfo {
public static String getEmail(final Authentication authentication) { public static String getEmail(final Authentication authentication) {
final Object user = authentication.getPrincipal(); final Object user = authentication.getPrincipal();
return user instanceof DefaultOidcUser ? ((DefaultOidcUser) user).getEmail() : authentication.getName(); return user instanceof DefaultOidcUser ? getEmail((DefaultOidcUser) user) : authentication.getName();
}
public static String getEmail(final OidcUser user) {
return user.getEmail();
} }
public static String getFullname(final Authentication authentication) { public static String getFullname(final Authentication authentication) {
final Object user = authentication.getPrincipal(); final Object user = authentication.getPrincipal();
return user instanceof DefaultOidcUser ? ((DefaultOidcUser) user).getFullName() : "unknown"; return user instanceof DefaultOidcUser ? getFullname((DefaultOidcUser) user) : "unknown";
}
public static String getFullname(final OidcUser user) {
return user.getFullName();
} }
public static String getOrganization(final Authentication authentication) { public static String getOrganization(final Authentication authentication) {
final Object user = authentication.getPrincipal(); final Object user = authentication.getPrincipal();
return user instanceof DefaultOidcUser ? ((DefaultOidcUser) user).getAttribute("organization") : "unknown"; return user instanceof DefaultOidcUser ? getOrganization((DefaultOidcUser) user) : "unknown";
}
public static String getOrganization(final OidcUser user) {
return user.getAttribute("organization");
} }
} }
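Review bot: The new `OidcUser` overloads return the raw claim, so `getEmail`, `getFullname` and `getOrganization` yield null whenever the provider omits it, and the first file's hunk passes those results straight to `databaseUtils.findUser` and `updateUserDetails`. `user.getAttribute("organization")` is also an unchecked generic cast, so a non-string claim value would presumably fail with a `ClassCastException` at the return. A guarded form would be `final Object org = user.getAttributes().get("organization");` followed by `return org instanceof String && StringUtils.isNotBlank((String) org) ? (String) org : "unknown";`. The callers should likewise reject a null or blank email before the database lookup, and each overload deserves a one-line Javadoc stating whether it can return null.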