Add ReadMe and .gitignore
parent
622c63f122
commit
0603002333
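--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,69 @@
+# ---> Java
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+# ---> JetBrains
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/
+target/
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+# Local Deployment scripts
+make.sh
+dnet-role-management.iml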
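Review bot: The last entry, `dnet-role-management.iml`, names a single module file whose name does not match the artifact documented elsewhere in this commit (`uoa-authorization-library`), so this project's own IntelliJ module file is probably still untracked-but-not-ignored and can be committed by accident. A generic `*.iml` pattern would cover whatever the module is called. Separately, `.idea/` already ignores the whole directory, so the later `.idea/**/mongoSettings.xml`, `.idea/replstate.xml`, `.idea/httpRequests` and `.idea/caches/build_file_checksums.ser` lines are redundant and could be dropped to keep the list readable.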
@ -0,0 +1,115 @@
|
|||||||
|
# Authorization Library
|
||||||
|
|
||||||
|
Authorization library is a library that provides a Spring Security process
|
||||||
|
in order to authorize the endpoints of a service base on OpenAIRE Authorities.
|
||||||
|
It can be used with two different session strategies, a stateless and
|
||||||
|
a Redis http session.
|
||||||
|
|
||||||
|
## Stateless
|
||||||
|
|
||||||
|
In stateless strategy, there is not a session. A filter makes a request
|
||||||
|
to an "userinfo" endpoint and creates an Authentication base on the response.
|
||||||
|
The advantage of this method is that it doesn't need any storage to store
|
||||||
|
user's session, but with the cost of an extra http request per request.
|
||||||
|
|
||||||
|
### Usage
|
||||||
|
|
||||||
|
#### pom.xml
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>eu.dnetlib</groupId>
|
||||||
|
<artifactId>uoa-authorization-library</artifactId>
|
||||||
|
<version>2.1.0</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
#### Spring Application/Configuration
|
||||||
|
|
||||||
|
import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
|
||||||
|
|
||||||
|
@Import(AuthorizationConfiguration.class)
|
||||||
|
public class Application {
|
||||||
|
public static void main(String[] args) {
|
||||||
|
SpringApplication.run(Application.class, args);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#### Configuration
|
||||||
|
|
||||||
|
authorization.security.userInfoUrl = http://<domain>/login-service/userInfo
|
||||||
|
authorization.security.session=openAIRESession # Default, do not change
|
||||||
|
|
||||||
|
## Redis
|
||||||
|
|
||||||
|
In Redis strategy, session is stored to a Redis database when a user
|
||||||
|
authenticates himself through a login service. The disadvantage of
|
||||||
|
this strategy is that it needs access to the Redis database
|
||||||
|
where session is stored.
|
||||||
|
|
||||||
|
### Usage
|
||||||
|
|
||||||
|
#### pom.xml
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>eu.dnetlib</groupId>
|
||||||
|
<artifactId>uoa-authorization-library</artifactId>
|
||||||
|
<version>2.1.0</version>
|
||||||
|
<classifier>redis</classifier>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
#### Spring Application/Configuration
|
||||||
|
|
||||||
|
import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
|
||||||
|
|
||||||
|
@Import(AuthorizationConfiguration.class)
|
||||||
|
public class Application {
|
||||||
|
public static void main(String[] args) {
|
||||||
|
SpringApplication.run(Application.class, args);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#### Configuration
|
||||||
|
|
||||||
|
authorization.security.domain=<domain-suffix> # e.g openaire.eu
|
||||||
|
authorization.security.session=openAIRESession # Default, do not change
|
||||||
|
|
||||||
|
|
||||||
|
## Authorize Requests
|
||||||
|
|
||||||
|
### Authorization Service
|
||||||
|
|
||||||
|
In order to simplify the format of the Authorities, you can use
|
||||||
|
this spring component to authorize your endpoints. There is also methods to
|
||||||
|
get user's information.
|
||||||
|
|
||||||
|
public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";
|
||||||
|
public final String ANONYMOUS_USER = "ROLE_ANONYMOUS";
|
||||||
|
public final String REGISTERED_USER = "REGISTERED_USER";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
|
||||||
|
*/
|
||||||
|
public String curator(String type) {}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
|
||||||
|
*
|
||||||
|
* Id = EE, EGI, etc
|
||||||
|
*/
|
||||||
|
public String manager(String type, String id) { }
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Type = FUNDER | COMMUNITY | RI | INSTITUTION | PROJECT
|
||||||
|
*
|
||||||
|
* Id = EE, EGI, etc
|
||||||
|
*/
|
||||||
|
public String member(String type, String id)
|
||||||
|
|
||||||
|
e.g
|
||||||
|
|
||||||
|
@PreAuthorize("hasAnyAuthority("
|
||||||
|
+ "@AuthorizationService.PORTAL_ADMIN, "
|
||||||
|
+ "@AuthorizationService.curator(#type), "
|
||||||
|
+ "@AuthorizationService.manager(#type, #id)) "
|
||||||
|
+ ")")
|
||||||
|
@RequestMapping(value = "{type}/{id}", method = RequestMethod.GET)
|
||||||
|
public Entity getEntity(@PathVariable("type") String type, @PathVariable("id") String id) {
|