restricted access for simrels api
parent
7465134e8b
commit
5c04deadd4
|
@ -0,0 +1,5 @@
|
||||||
|
{"properties": [{
|
||||||
|
"name": "openaire.api.valid.subnet",
|
||||||
|
"type": "java.lang.String",
|
||||||
|
"description": "A description for 'openaire.api.valid.subnet'"
|
||||||
|
}]}
|
|
@ -3,6 +3,7 @@ package eu.dnetlib.organizations;
|
||||||
import javax.sql.DataSource;
|
import javax.sql.DataSource;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
|
@ -25,43 +26,48 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
@Autowired
|
@Autowired
|
||||||
private AccessDeniedHandler accessDeniedHandler;
|
private AccessDeniedHandler accessDeniedHandler;
|
||||||
|
|
||||||
|
@Value("${openaire.api.valid.subnet}")
|
||||||
|
private String openaireApiValidSubnet;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(final HttpSecurity http) throws Exception {
|
protected void configure(final HttpSecurity http) throws Exception {
|
||||||
|
|
||||||
http.csrf()
|
http.csrf()
|
||||||
.disable()
|
.disable()
|
||||||
.authorizeRequests()
|
.authorizeRequests()
|
||||||
.antMatchers("/", "/api/**")
|
.antMatchers("/", "/api/**")
|
||||||
.hasAnyRole(UserRole.ADMIN.name(), UserRole.NATIONAL_ADMIN.name(), UserRole.USER.name())
|
.hasAnyRole(UserRole.ADMIN.name(), UserRole.NATIONAL_ADMIN.name(), UserRole.USER.name())
|
||||||
.antMatchers("/registration_api/**")
|
.antMatchers("/registration_api/**")
|
||||||
.hasRole(UserRole.NOT_AUTHORIZED.name())
|
.hasRole(UserRole.NOT_AUTHORIZED.name())
|
||||||
.antMatchers("/resources/**", "/webjars/**")
|
.antMatchers("/resources/**", "/webjars/**")
|
||||||
.permitAll()
|
.permitAll()
|
||||||
.anyRequest()
|
.antMatchers("/oa_api/**")
|
||||||
.authenticated()
|
.hasIpAddress(openaireApiValidSubnet)
|
||||||
.and()
|
.anyRequest()
|
||||||
.formLogin()
|
.authenticated()
|
||||||
.loginPage("/login")
|
.and()
|
||||||
.permitAll()
|
.formLogin()
|
||||||
.and()
|
.loginPage("/login")
|
||||||
.logout()
|
.permitAll()
|
||||||
.permitAll()
|
.and()
|
||||||
.and()
|
.logout()
|
||||||
.exceptionHandling()
|
.permitAll()
|
||||||
.accessDeniedHandler(accessDeniedHandler);
|
.and()
|
||||||
|
.exceptionHandling()
|
||||||
|
.accessDeniedHandler(accessDeniedHandler);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
|
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
|
||||||
auth.jdbcAuthentication()
|
auth.jdbcAuthentication()
|
||||||
.dataSource(dataSource)
|
.dataSource(dataSource)
|
||||||
.usersByUsernameQuery("select ?, '{MD5}60c4a0eb167dd41e915a885f582414df', true") // TODO: this is a MOCK, the user should
|
.usersByUsernameQuery("select ?, '{MD5}60c4a0eb167dd41e915a885f582414df', true") // TODO: this is a MOCK, the user should
|
||||||
// be authenticated using the openaire
|
// be authenticated using the openaire
|
||||||
// credentials
|
// credentials
|
||||||
.authoritiesByUsernameQuery("with const as (SELECT ? as email) "
|
.authoritiesByUsernameQuery("with const as (SELECT ? as email) "
|
||||||
+ "select c.email, 'ROLE_'||coalesce(u.role, '"
|
+ "select c.email, 'ROLE_'||coalesce(u.role, '"
|
||||||
+ UserRole.NOT_AUTHORIZED
|
+ UserRole.NOT_AUTHORIZED
|
||||||
+ "') from const c left outer join users u on (u.email = c.email)");
|
+ "') from const c left outer join users u on (u.email = c.email)");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
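Review bot: The new `/oa_api/**` rule in `configure` authorises by source address alone, and the property values added at the end of this commit place the HTTPS proxy (10.19.65.35) inside the allowed range 10.19.65.0/24, so `hasIpAddress(openaireApiValidSubnet)` by itself accepts every request relayed through that proxy. The only thing that excludes proxied traffic is a string comparison inside one controller method, which any later handler under `/oa_api` would have to repeat. Consider keeping the whole decision in this rule by injecting the proxy address here as a second `@Value` field (called `openaireApiHttpsProxy` below, a proposed name) and writing `.access("hasIpAddress('" + openaireApiValidSubnet + "') and not hasIpAddress('" + openaireApiHttpsProxy + "')")`, so that a rejected call goes through the configured `accessDeniedHandler`. The class body starts and ends outside this hunk.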
|
@ -0,0 +1,39 @@
|
||||||
|
package eu.dnetlib.organizations.controller;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
import eu.dnetlib.organizations.utils.DatabaseUtils;
|
||||||
|
|
||||||
|
@RestController
|
||||||
|
@RequestMapping("/oa_api")
|
||||||
|
public class OpenaireInternalApiController {
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private DatabaseUtils databaseUtils;
|
||||||
|
|
||||||
|
@Value("${openaire.api.https.proxy}")
|
||||||
|
private String httpsProxy;
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(OpenaireInternalApiController.class);
|
||||||
|
|
||||||
|
@GetMapping("/import/simrels")
|
||||||
|
public List<String> importSimRels(final HttpServletRequest req) {
|
||||||
|
if (req.getRemoteAddr().equals(httpsProxy)) {
|
||||||
|
log.warn("Call received by blaklisted ip (https proxy): " + req.getRemoteAddr());
|
||||||
|
throw new RuntimeException("Call received by blaklisted ip (https proxy): " + req.getRemoteAddr());
|
||||||
|
}
|
||||||
|
new Thread(databaseUtils::importSimRels).run();
|
||||||
|
return Arrays.asList("Importing simrels (request from " + req.getRemoteAddr() + ") ...");
|
||||||
|
}
|
||||||
|
}
|
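Review bot: `new Thread(databaseUtils::importSimRels).run();` in `importSimRels` calls `run()` rather than `start()`, so the import executes on the request thread and the "Importing simrels ..." reply is sent only after it has finished; nothing visible here prevents several callers from running the import at the same time either. If background execution is intended, use `start()` or, better, a single-threaded executor with an "already running" guard, so repeated requests cannot stack up parallel imports. The rejection branch throws a bare `RuntimeException`, which will most likely surface as a 500; `throw new ResponseStatusException(HttpStatus.FORBIDDEN);` states the intent, and the log and exception text contain a typo (`blaklisted`). Because the endpoint changes database state, `@PostMapping("/import/simrels")` would be a better fit than `@GetMapping`: access is decided by source address only, and GET requests are issued by browsers and crawlers inside the allowed subnet without user intent.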
|
@ -273,10 +273,4 @@ public class OrganizationController {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/import/simrels")
|
|
||||||
public List<String> importSimRels() {
|
|
||||||
new Thread(databaseUtils::importSimRels).run();
|
|
||||||
return Arrays.asList("Importing...");
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -289,9 +289,11 @@ public class DatabaseUtils {
|
||||||
|
|
||||||
public void importSimRels() {
|
public void importSimRels() {
|
||||||
try {
|
try {
|
||||||
|
log.info("Importing conflicts and duplicates...");
|
||||||
jdbcTemplate.update(IOUtils.toString(getClass().getResourceAsStream("/sql/importNewRels.sql")));
|
jdbcTemplate.update(IOUtils.toString(getClass().getResourceAsStream("/sql/importNewRels.sql")));
|
||||||
|
log.info("...done");
|
||||||
} catch (final Exception e) {
|
} catch (final Exception e) {
|
||||||
log.error("Error importing simrels", e);
|
log.error("Error importing conflicts and duplicates", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,3 +16,9 @@ spring.jpa.open-in-view=true
|
||||||
spring.jpa.properties.hibernate.show_sql=true
|
spring.jpa.properties.hibernate.show_sql=true
|
||||||
spring.jpa.properties.hibernate.use_sql_comments=true
|
spring.jpa.properties.hibernate.use_sql_comments=true
|
||||||
spring.jpa.properties.hibernate.format_sql=true
|
spring.jpa.properties.hibernate.format_sql=true
|
||||||
|
|
||||||
|
# the ICM private network
|
||||||
|
openaire.api.valid.subnet = 10.19.65.0/24
|
||||||
|
openaire.api.https.proxy = 10.19.65.35
|
||||||
|
|
||||||
|
|
||||||
|
|
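Review bot: The two `openaire.api.*` entries hard-code one site's private addresses as packaged defaults, and the `/oa_api` access decision depends entirely on them. A deployment on a different network that does not override them would inherit an allow-list for 10.19.65.0/24, whatever that range happens to be there. Consider shipping no default, so that start-up fails when the values are missing, and expanding the comment to state the intent, for example `# /oa_api is served only to this subnet; requests arriving from the HTTPS proxy address are rejected` (if that is indeed the intent). Only `openaire.api.valid.subnet` is declared in the configuration metadata added by this commit, with a placeholder description; `openaire.api.https.proxy` is not declared at all.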