restricted access for simrels api
parent
7465134e8b
commit
5c04deadd4
|
@ -0,0 +1,5 @@
|
|||
{"properties": [{
|
||||
"name": "openaire.api.valid.subnet",
|
||||
"type": "java.lang.String",
|
||||
"description": "A description for 'openaire.api.valid.subnet'"
|
||||
}]}
|
|
@ -3,6 +3,7 @@ package eu.dnetlib.organizations;
|
|||
import javax.sql.DataSource;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
|
@ -25,43 +26,48 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||
@Autowired
|
||||
private AccessDeniedHandler accessDeniedHandler;
|
||||
|
||||
@Value("${openaire.api.valid.subnet}")
|
||||
private String openaireApiValidSubnet;
|
||||
|
||||
@Override
|
||||
protected void configure(final HttpSecurity http) throws Exception {
|
||||
|
||||
http.csrf()
|
||||
.disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/", "/api/**")
|
||||
.hasAnyRole(UserRole.ADMIN.name(), UserRole.NATIONAL_ADMIN.name(), UserRole.USER.name())
|
||||
.antMatchers("/registration_api/**")
|
||||
.hasRole(UserRole.NOT_AUTHORIZED.name())
|
||||
.antMatchers("/resources/**", "/webjars/**")
|
||||
.permitAll()
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login")
|
||||
.permitAll()
|
||||
.and()
|
||||
.logout()
|
||||
.permitAll()
|
||||
.and()
|
||||
.exceptionHandling()
|
||||
.accessDeniedHandler(accessDeniedHandler);
|
||||
.disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/", "/api/**")
|
||||
.hasAnyRole(UserRole.ADMIN.name(), UserRole.NATIONAL_ADMIN.name(), UserRole.USER.name())
|
||||
.antMatchers("/registration_api/**")
|
||||
.hasRole(UserRole.NOT_AUTHORIZED.name())
|
||||
.antMatchers("/resources/**", "/webjars/**")
|
||||
.permitAll()
|
||||
.antMatchers("/oa_api/**")
|
||||
.hasIpAddress(openaireApiValidSubnet)
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.loginPage("/login")
|
||||
.permitAll()
|
||||
.and()
|
||||
.logout()
|
||||
.permitAll()
|
||||
.and()
|
||||
.exceptionHandling()
|
||||
.accessDeniedHandler(accessDeniedHandler);
|
||||
}
|
||||
|
||||
@Autowired
|
||||
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.jdbcAuthentication()
|
||||
.dataSource(dataSource)
|
||||
.usersByUsernameQuery("select ?, '{MD5}60c4a0eb167dd41e915a885f582414df', true") // TODO: this is a MOCK, the user should
|
||||
// be authenticated using the openaire
|
||||
// credentials
|
||||
.authoritiesByUsernameQuery("with const as (SELECT ? as email) "
|
||||
+ "select c.email, 'ROLE_'||coalesce(u.role, '"
|
||||
+ UserRole.NOT_AUTHORIZED
|
||||
+ "') from const c left outer join users u on (u.email = c.email)");
|
||||
.dataSource(dataSource)
|
||||
.usersByUsernameQuery("select ?, '{MD5}60c4a0eb167dd41e915a885f582414df', true") // TODO: this is a MOCK, the user should
|
||||
// be authenticated using the openaire
|
||||
// credentials
|
||||
.authoritiesByUsernameQuery("with const as (SELECT ? as email) "
|
||||
+ "select c.email, 'ROLE_'||coalesce(u.role, '"
|
||||
+ UserRole.NOT_AUTHORIZED
|
||||
+ "') from const c left outer join users u on (u.email = c.email)");
|
||||
}
|
||||
|
||||
@Bean
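Review bot: The new `/oa_api/**` rule in `configure` authorises on source address alone, and the HTTPS proxy that the controller later rejects (10.19.65.35 in application.properties) lies inside the allowed 10.19.65.0/24, so this rule by itself admits every request relayed through that proxy. Expressing both conditions in the matcher keeps the decision in one place and answers with a 403 through the configured `accessDeniedHandler`: `.access("hasIpAddress('" + openaireApiValidSubnet + "') and !hasIpAddress('" + openaireApiHttpsProxy + "')")`, backed by a second `@Value("${openaire.api.https.proxy}")` field. Both checks read the servlet remote address, so if forwarded-header processing is enabled for this deployment (not visible here), the set of trusted proxies has to be pinned or the address becomes client-supplied. Since CSRF is disabled and the import is a GET, a short comment beside the rule stating that the address check is the only control on this path would help the next maintainer. The class continues past the `@Bean` line where the hunk ends.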
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
package eu.dnetlib.organizations.controller;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import eu.dnetlib.organizations.utils.DatabaseUtils;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/oa_api")
|
||||
public class OpenaireInternalApiController {
|
||||
|
||||
@Autowired
|
||||
private DatabaseUtils databaseUtils;
|
||||
|
||||
@Value("${openaire.api.https.proxy}")
|
||||
private String httpsProxy;
|
||||
|
||||
private static final Log log = LogFactory.getLog(OpenaireInternalApiController.class);
|
||||
|
||||
@GetMapping("/import/simrels")
|
||||
public List<String> importSimRels(final HttpServletRequest req) {
|
||||
if (req.getRemoteAddr().equals(httpsProxy)) {
|
||||
log.warn("Call received by blaklisted ip (https proxy): " + req.getRemoteAddr());
|
||||
throw new RuntimeException("Call received by blaklisted ip (https proxy): " + req.getRemoteAddr());
|
||||
}
|
||||
new Thread(databaseUtils::importSimRels).run();
|
||||
return Arrays.asList("Importing simrels (request from " + req.getRemoteAddr() + ") ...");
|
||||
}
|
||||
}
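Review bot: `new Thread(databaseUtils::importSimRels).run()` in `importSimRels` invokes the runnable on the request thread, so the handler blocks until the SQL import finishes and the "Importing simrels ..." reply is sent only afterwards; nothing stops overlapping calls from running the import concurrently either. If background execution is intended, hand the job to a single-thread executor or guard it with an `AtomicBoolean` rather than only switching to `.start()`. The proxy check throws a bare `RuntimeException`, which will most likely surface as a 500; `throw new AccessDeniedException("...")` from Spring Security should go through the existing access-denied handling instead, and the duplicated message carries a typo (`blaklisted`). `req.getRemoteAddr().equals(httpsProxy)` is an exact string match, so it only works while the property holds the address in the same textual form the container reports.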
|
|
@ -273,10 +273,4 @@ public class OrganizationController {
|
|||
|
||||
}
|
||||
|
||||
@GetMapping("/import/simrels")
|
||||
public List<String> importSimRels() {
|
||||
new Thread(databaseUtils::importSimRels).run();
|
||||
return Arrays.asList("Importing...");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -289,9 +289,11 @@ public class DatabaseUtils {
|
|||
|
||||
public void importSimRels() {
|
||||
try {
|
||||
log.info("Importing conflicts and duplicates...");
|
||||
jdbcTemplate.update(IOUtils.toString(getClass().getResourceAsStream("/sql/importNewRels.sql")));
|
||||
log.info("...done");
|
||||
} catch (final Exception e) {
|
||||
log.error("Error importing simrels", e);
|
||||
log.error("Error importing conflicts and duplicates", e);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -16,3 +16,9 @@ spring.jpa.open-in-view=true
|
|||
spring.jpa.properties.hibernate.show_sql=true
|
||||
spring.jpa.properties.hibernate.use_sql_comments=true
|
||||
spring.jpa.properties.hibernate.format_sql=true
|
||||
|
||||
# the ICM private network
|
||||
openaire.api.valid.subnet = 10.19.65.0/24
|
||||
openaire.api.https.proxy = 10.19.65.35
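Review bot: The two new keys bake one site's private addressing into the packaged defaults, so any deployment that does not override them trusts 10.19.65.0/24 for `/oa_api/**` whether or not that range means the same thing on its network. Consider shipping a fail-closed default such as `openaire.api.valid.subnet = 127.0.0.1/32` and supplying the real values from external configuration. The comment could also say what the keys control, for example `# /oa_api/** is reachable only from this CIDR; requests whose remote address equals the https proxy are rejected`. `openaire.api.https.proxy` has no entry in the configuration-metadata JSON added by this commit.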
|
||||
|
||||
|
||||
|
|