Add ReadMe and .gitignore
parent
622c63f122
commit
0603002333
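--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,69 @@
+# ---> Java
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+# ---> JetBrains
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/
+target/
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+# Local Deployment scripts
+make.sh
+dnet-role-management.iml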
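Review bot: The last entry, `dnet-role-management.iml`, ignores a single module file by name, and that name does not match the `uoa-authorization-library` artifact the README in this commit describes, so it looks carried over from another project (inferred; the actual module name is not visible here). A generic `*.iml` pattern would cover whatever module file the IDE generates for this repository. It also sits under the `# Local Deployment scripts` comment although it is an IDE file; placing it next to `*.iws` would keep the sections accurate.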
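--- a/README_PATH_NOT_SHOWN
+++ b/README_PATH_NOT_SHOWN
@@ -0,0 +1,115 @@
+# Authorization Library
+
+Authorization library is a library that provides a Spring Security process
+in order to authorize the endpoints of a service base on OpenAIRE Authorities.
+It can be used with two different session strategies, a stateless and
+a Redis http session.
+
+## Stateless
+
+In stateless strategy, there is not a session. A filter makes a request
+to an "userinfo" endpoint and creates an Authentication base on the response.
+The advantage of this method is that it doesn't need any storage to store
+user's session, but with the cost of an extra http request per request.
+
+### Usage
+
+#### pom.xml
+
+<dependency>
+<groupId>eu.dnetlib</groupId>
+<artifactId>uoa-authorization-library</artifactId>
+<version>2.1.0</version>
+</dependency>
+
+#### Spring Application/Configuration
+
+import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
+
+@Import(AuthorizationConfiguration.class)
+public class Application {
+public static void main(String[] args) {
+SpringApplication.run(Application.class, args);
+}
+}
+
+#### Configuration
+
+authorization.security.userInfoUrl = http://<domain>/login-service/userInfo
+authorization.security.session=openAIRESession # Default, do not change
+
+## Redis
+
+In Redis strategy, session is stored to a Redis database when a user
+authenticates himself through a login service. The disadvantage of
+this strategy is that it needs access to the Redis database
+where session is stored.
+
+### Usage
+
+#### pom.xml
+
+<dependency>
+<groupId>eu.dnetlib</groupId>
+<artifactId>uoa-authorization-library</artifactId>
+<version>2.1.0</version>
+<classifier>redis</classifier>
+</dependency>
+
+#### Spring Application/Configuration
+
+import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
+
+@Import(AuthorizationConfiguration.class)
+public class Application {
+public static void main(String[] args) {
+SpringApplication.run(Application.class, args);
+}
+}
+
+#### Configuration
+
+authorization.security.domain=<domain-suffix> # e.g openaire.eu
+authorization.security.session=openAIRESession # Default, do not change
+
+
+## Authorize Requests
+
+### Authorization Service
+
+In order to simplify the format of the Authorities, you can use
+this spring component to authorize your endpoints. There is also methods to
+get user's information.
+
+public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";
+public final String ANONYMOUS_USER = "ROLE_ANONYMOUS";
+public final String REGISTERED_USER = "REGISTERED_USER";
+
+/**
+* Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
+*/
+public String curator(String type) {}
+
+/**
+* Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
+*
+* Id = EE, EGI, etc
+*/
+public String manager(String type, String id) { }
+
+/**
+* Type = FUNDER | COMMUNITY | RI | INSTITUTION | PROJECT
+*
+* Id = EE, EGI, etc
+*/
+public String member(String type, String id)
+
+e.g
+
+@PreAuthorize("hasAnyAuthority("
++ "@AuthorizationService.PORTAL_ADMIN, "
++ "@AuthorizationService.curator(#type), "
++ "@AuthorizationService.manager(#type, #id)) "
++ ")")
+@RequestMapping(value = "{type}/{id}", method = RequestMethod.GET)
+public Entity getEntity(@PathVariable("type") String type, @PathVariable("id") String id) {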