From 060300233335fa483651fc3c3973333aaae50eb6 Mon Sep 17 00:00:00 2001
From: "k.triantafyllou"
Date: Wed, 8 Dec 2021 13:46:09 +0200
Subject: [PATCH] Add ReadMe and .gitignore
---
.gitignore | 69 +++++++++++
README.md | 115 ++++++++++++++++++
.../security/AuthorizationService.java | 4 +-
3 files changed, 186 insertions(+), 2 deletions(-)
create mode 100644 .gitignore
create mode 100644 README.md
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..88b968b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,69 @@
+# ---> Java
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+# ---> JetBrains
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/
+target/
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+# Local Deployment scripts
+make.sh
+dnet-role-management.iml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9534adc
--- /dev/null
+++ b/README.md
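Review bot: The last entry of the new `.gitignore`, `dnet-role-management.iml`, names an IntelliJ module file for what looks like a different project; the artifact documented in this commit's README is `uoa-authorization-library`, so this repository's own module file would presumably not be matched. `*.iml` would cover it regardless of the module name. The entry also sits under the `# Local Deployment scripts` heading although it is an IDE file, and because `.idea/` is already ignored as a whole, the later `.idea/...` entries (`mongoSettings.xml`, `replstate.xml`, `httpRequests`, `caches/build_file_checksums.ser`) are redundant and could be dropped.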
@@ -0,0 +1,115 @@
+# Authorization Library
+
+Authorization library is a library that provides a Spring Security process
+in order to authorize the endpoints of a service base on OpenAIRE Authorities.
+It can be used with two different session strategies, a stateless and
+a Redis http session.
+
+## Stateless
+
+In stateless strategy, there is not a session. A filter makes a request
+to an "userinfo" endpoint and creates an Authentication base on the response.
+The advantage of this method is that it doesn't need any storage to store
+user's session, but with the cost of an extra http request per request.
+
+### Usage
+
+#### pom.xml
+
+
+ eu.dnetlib
+ uoa-authorization-library
+ 2.1.0
+
+
+#### Spring Application/Configuration
+
+ import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
+
+ @Import(AuthorizationConfiguration.class)
+ public class Application {
+ public static void main(String[] args) {
+ SpringApplication.run(Application.class, args);
+ }
+ }
+
+#### Configuration
+
+ authorization.security.userInfoUrl = http:///login-service/userInfo
+ authorization.security.session=openAIRESession # Default, do not change
+
+## Redis
+
+In Redis strategy, session is stored to a Redis database when a user
+authenticates himself through a login service. The disadvantage of
+this strategy is that it needs access to the Redis database
+where session is stored.
+ +### Usage + +#### pom.xml + + + eu.dnetlib + uoa-authorization-library + 2.1.0 + redis + + +#### Spring Application/Configuration + + import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration; + + @Import(AuthorizationConfiguration.class) + public class Application { + public static void main(String[] args) { + SpringApplication.run(Application.class, args); + } + } + +#### Configuration + + authorization.security.domain= # e.g openaire.eu + authorization.security.session=openAIRESession # Default, do not change + + +## Authorize Requests + +### Authorization Service + +In order to simplify the format of the Authorities, you can use +this spring component to authorize your endpoints. There is also methods to +get user's information. + + public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR"; + public final String ANONYMOUS_USER = "ROLE_ANONYMOUS"; + public final String REGISTERED_USER = "REGISTERED_USER"; + + /** + * Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT + */ + public String curator(String type) {} + + /** + * Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT + * + * Id = EE, EGI, etc + */ + public String manager(String type, String id) { } + + /** + * Type = FUNDER | COMMUNITY | RI | INSTITUTION | PROJECT + * + * Id = EE, EGI, etc + */ + public String member(String type, String id) + +e.g + + @PreAuthorize("hasAnyAuthority(" + + "@AuthorizationService.PORTAL_ADMIN, " + + "@AuthorizationService.curator(#type), " + + "@AuthorizationService.manager(#type, #id)) " + + ")") + @RequestMapping(value = "{type}/{id}", method = RequestMethod.GET) + public Entity getEntity(@PathVariable("type") String type, @PathVariable("id") String id) { \ No newline at end of file diff --git a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationService.java b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationService.java index c8f6505..cc4fb5e 100644 
--- a/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationService.java +++ b/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationService.java @@ -38,7 +38,7 @@ public class AuthorizationService { /** * Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT - *

+ * * Id = EE, EGI, etc */ public String manager(String type, String id) { @@ -47,7 +47,7 @@ public class AuthorizationService { /** * Type = FUNDER | COMMUNITY | RI | INSTITUTION | PROJECT - *

+ * * Id = EE, EGI, etc */ public String member(String type, String id) {