Add Check Properties. Update parent. Change swagger path.

Konstantinos Triantafyllou 2024-09-05 18:29:12 +03:00
parent 03917f18bd
commit 22471d5953
14 changed files with 85 additions and 65 deletions


@ -4,7 +4,7 @@
<parent>
<groupId>eu.dnetlib</groupId>
<artifactId>uoa-spring-boot-parent</artifactId>
<version>2.0.1</version>
<version>2.0.2</version>
</parent>
<artifactId>uoa-authorization-library</artifactId>
<version>3.0.1-SNAPSHOT</version>


@ -1,8 +1,10 @@
package eu.dnetlib.uoaauthorizationlibrary;
import com.fasterxml.jackson.databind.ObjectMapper;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.*;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.SecurityMode;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.API;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.GlobalVars;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.SecurityProperties;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.CheckProperties;
import jakarta.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
@ -22,13 +24,13 @@ public class AuthorizationConfiguration {
private final SecurityProperties properties;
private final GlobalVars globalVars;
private final SecurityMode securityMode;
private final CheckProperties checkProperties;
@Autowired
public AuthorizationConfiguration(SecurityProperties properties, GlobalVars globalVars, SecurityMode securityMode) {
public AuthorizationConfiguration(SecurityProperties properties, GlobalVars globalVars, CheckProperties checkProperties) {
this.properties = properties;
this.globalVars = globalVars;
this.securityMode = securityMode;
this.checkProperties = checkProperties;
}
@Bean
@ -47,14 +49,14 @@ public class AuthorizationConfiguration {
} else if(properties.getSession() == null || properties.getSession().isEmpty()) {
throw new RuntimeException("authorization.security.session is missing!");
}
this.securityMode.checkProperties(properties);
this.checkProperties.checkProperties(properties);
}
public Map<String, String> getProperties() {
Map<String, String> map = new HashMap<>();
map.put("authorization.security.domain", properties.getDomain());
map.put("authorization.security.session", properties.getSession());
this.securityMode.getProperties(map, properties);
this.checkProperties.getProperties(map, properties);
if (GlobalVars.date != null) {
map.put("Date of deploy", GlobalVars.date.toString());
}
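Review bot: The constructor now takes a single `CheckProperties`, but this commit adds two `@Component` implementations (`RedisCheckProperties` and `StatelessCheckProperties`), and nothing visible here ties the injected one to the active `SecurityMode`. If both end up on the scan path, the context will fail on an ambiguous bean. If selection happens elsewhere, a mismatch would validate and report one mode's properties while the other mode's filter chain is in force. A comment on the parameter such as `// must be the CheckProperties of the same mode as the active SecurityMode` would record the intent. `getProperties()` continues past the end of this hunk.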


@ -2,7 +2,6 @@ package eu.dnetlib.uoaauthorizationlibrary.authorization.configuration;
import org.springframework.boot.context.properties.ConfigurationProperties;
@ConfigurationProperties("authorization.security")
public class SecurityProperties {


@ -1,6 +1,5 @@
package eu.dnetlib.uoaauthorizationlibrary.authorization.exceptions;
import eu.dnetlib.uoaauthorizationlibrary.authorization.exceptions.http.UnauthorizedException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.http.HttpStatus;


@ -0,0 +1,29 @@
package eu.dnetlib.uoaauthorizationlibrary.authorization.redis;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.Redis;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.SecurityProperties;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.CheckProperties;
import org.springframework.stereotype.Component;
import java.util.Map;
@Component
public class RedisCheckProperties implements CheckProperties {
@Override
public void checkProperties(SecurityProperties properties) {
Redis redis = properties.getRedis();
if (redis.getHost() == null || redis.getHost().isEmpty()) {
throw new RuntimeException("authorization.security.redis.host is missing!");
} else if (redis.getPort() == null || redis.getPort().isEmpty()) {
throw new RuntimeException("authorization.security.redis.port is missing!");
}
}
@Override
public void getProperties(Map<String, String> map, SecurityProperties properties) {
map.put("authorization.security.redis.host", properties.getRedis().getHost());
map.put("authorization.security.redis.port", properties.getRedis().getPort());
map.put("authorization.security.redis.password", properties.getRedis().getPassword());
}
}
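Review bot: `getProperties` copies the Redis password into the map in clear text under `authorization.security.redis.password`, and `AuthorizationConfiguration.getProperties()` hands that map back to its caller, presumably for a diagnostics view. Report only whether a password is configured, for example `map.put("authorization.security.redis.password", properties.getRedis().getPassword() == null ? "<not set>" : "<set>");`. Separately, `checkProperties` dereferences `properties.getRedis()` without a null check. If that getter can return null, a missing `redis` block would surface as a NullPointerException rather than the explicit "is missing!" message.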


@ -1,7 +1,5 @@
package eu.dnetlib.uoaauthorizationlibrary.authorization.redis;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.Redis;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.SecurityProperties;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.AuthorizationService;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.EntryPoint;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.SecurityMode;
@ -10,8 +8,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.stereotype.Component;
import java.util.Map;
@Component
public class RedisSecurityMode implements SecurityMode {
@ -28,24 +24,7 @@ public class RedisSecurityMode implements SecurityMode {
public HttpSecurity security(HttpSecurity http) throws Exception {
http.csrf(AbstractHttpConfigurer::disable);
http.exceptionHandling(handler -> handler.authenticationEntryPoint(entryPoint));
http.authorizeHttpRequests(auth -> auth.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").hasAuthority(this.service.PORTAL_ADMIN).anyRequest().permitAll());
http.authorizeHttpRequests(auth -> auth.requestMatchers("/documentation/swagger-ui/**", "/v3/api-docs/**").hasAuthority(this.service.PORTAL_ADMIN).anyRequest().permitAll());
return http;
}
@Override
public void checkProperties(SecurityProperties properties) {
Redis redis = properties.getRedis();
if (redis.getHost() == null || redis.getHost().isEmpty()) {
throw new RuntimeException("authorization.security.redis.host is missing!");
} else if (redis.getPort() == null || redis.getPort().isEmpty()) {
throw new RuntimeException("authorization.security.redis.port is missing!");
}
}
@Override
public void getProperties(Map<String, String> map, SecurityProperties properties) {
map.put("authorization.security.redis.host", properties.getRedis().getHost());
map.put("authorization.security.redis.port", properties.getRedis().getPort());
map.put("authorization.security.redis.password", properties.getRedis().getPassword());
}
}
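Review bot: The matcher literal `"/documentation/swagger-ui/**"` in `security` duplicates the value of `springdoc.swagger-ui.path` set in the library's properties file. An application that overrides that property would serve the UI from a path that falls through to `anyRequest().permitAll()`. The same literal is repeated in `StatelessSecurityMode.security`. Consider injecting the path (a constructor parameter annotated `@Value("${springdoc.swagger-ui.path}")`) and building the matcher from it. It is also worth confirming with an unauthenticated request that the old `/swagger-ui/**` location no longer serves anything, since it is no longer covered by the `PORTAL_ADMIN` rule.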


@ -1,9 +1,9 @@
package eu.dnetlib.uoaauthorizationlibrary.authorization.security;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.stereotype.Component;


@ -0,0 +1,12 @@
package eu.dnetlib.uoaauthorizationlibrary.authorization.security;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.SecurityProperties;
import java.util.Map;
public interface CheckProperties {
void checkProperties(SecurityProperties securityProperties);
void getProperties(Map<String, String> map, SecurityProperties properties);
}
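Review bot: The new interface has no Javadoc, and its two methods name the same parameter differently (`securityProperties` and `properties`). Suggested comments are `/** Validates the mode-specific properties; throws if a required one is missing. */` on `checkProperties` and `/** Adds the mode-specific properties to {@code map} for display; values that are secrets should be masked. */` on `getProperties`. Using `properties` for both parameters would match the implementations added in this commit.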


@ -1,16 +1,8 @@
package eu.dnetlib.uoaauthorizationlibrary.authorization.security;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.SecurityProperties;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.stereotype.Component;
import java.util.Map;
public interface SecurityMode {
HttpSecurity security(HttpSecurity http) throws Exception;
void checkProperties(SecurityProperties securityProperties);
void getProperties(Map<String, String> map, SecurityProperties properties);
}


@ -3,17 +3,14 @@ package eu.dnetlib.uoaauthorizationlibrary.authorization.stateless;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.OpenAIREAuthentication;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import java.io.IOException;
@Component
public class AuthorizationFilter implements Filter {
private final AuthorizationProvider authorizationProvider;
@Autowired
AuthorizationFilter(AuthorizationProvider authorizationProvider) {
this.authorizationProvider = authorizationProvider;
}


@ -10,6 +10,7 @@ import org.springframework.http.*;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;
import java.util.Arrays;
import java.util.Collections;


@ -0,0 +1,23 @@
package eu.dnetlib.uoaauthorizationlibrary.authorization.stateless;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.SecurityProperties;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.CheckProperties;
import org.springframework.stereotype.Component;
import java.util.Map;
@Component
public class StatelessCheckProperties implements CheckProperties {
@Override
public void checkProperties(SecurityProperties properties) {
if(properties.getUserInfoUrl() == null || properties.getUserInfoUrl().isEmpty()) {
throw new RuntimeException("authorization.security.userInfoUrl is missing!");
}
}
@Override
public void getProperties(Map<String, String> map, SecurityProperties properties) {
map.put("authorization.security.userInfoUrl", properties.getUserInfoUrl());
}
}
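Review bot: `checkProperties` accepts any non-empty string, so a whitespace-only or plain-`http://` value for `userInfoUrl` passes start-up validation. If this is the URL the provider sends the caller's token to (the call site is not in this hunk), it is worth failing fast on such a value, at least outside local development. For example, `isBlank()` could replace `isEmpty()`, with an added `!properties.getUserInfoUrl().startsWith("https://")` condition that throws a message naming the property.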


@ -1,6 +1,5 @@
package eu.dnetlib.uoaauthorizationlibrary.authorization.stateless;
import eu.dnetlib.uoaauthorizationlibrary.authorization.configuration.SecurityProperties;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.AuthorizationService;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.EntryPoint;
import eu.dnetlib.uoaauthorizationlibrary.authorization.security.SecurityMode;
@ -11,18 +10,16 @@ import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.stereotype.Component;
import java.util.Map;
@Component
public class StatelessSecurityMode implements SecurityMode {
private final AuthorizationFilter filter;
private final AuthorizationProvider provider;
private final EntryPoint entryPoint;
private final AuthorizationService service;
@Autowired
public StatelessSecurityMode(AuthorizationFilter filter, EntryPoint entryPoint, AuthorizationService service) {
this.filter = filter;
public StatelessSecurityMode(AuthorizationProvider provider, EntryPoint entryPoint, AuthorizationService service) {
this.provider = provider;
this.entryPoint = entryPoint;
this.service = service;
}
@ -31,21 +28,9 @@ public class StatelessSecurityMode implements SecurityMode {
public HttpSecurity security(HttpSecurity http) throws Exception {
http.csrf(AbstractHttpConfigurer::disable);
http.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
http.addFilterBefore(filter, BasicAuthenticationFilter.class);
http.addFilterBefore(new AuthorizationFilter(this.provider), BasicAuthenticationFilter.class);
http.exceptionHandling(handler -> handler.authenticationEntryPoint(entryPoint));
http.authorizeHttpRequests(auth -> auth.requestMatchers("/swagger-ui/**", "/v3/api-docs/**").hasAuthority(this.service.PORTAL_ADMIN).anyRequest().permitAll());
http.authorizeHttpRequests(auth -> auth.requestMatchers("/documentation/swagger-ui/**", "/v3/api-docs/**").hasAuthority(this.service.PORTAL_ADMIN).anyRequest().permitAll());
return http;
}
@Override
public void checkProperties(SecurityProperties properties) {
if(properties.getUserInfoUrl() == null || properties.getUserInfoUrl().isEmpty()) {
throw new RuntimeException("authorization.security.userInfoUrl is missing!");
}
}
@Override
public void getProperties(Map<String, String> map, SecurityProperties properties) {
map.put("authorization.security.userInfoUrl", properties.getUserInfoUrl());
}
}
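Review bot: `new AuthorizationFilter(this.provider)` in `security` replaces the injected filter bean with no comment explaining why, which makes the change easy to revert by accident. If the intent is to stop Spring Boot from also registering the filter with the servlet container as a `Filter` bean, say so above the line: `// Built by hand, not a bean: a Filter bean would also be registered outside this security chain.` This relies on the `AuthorizationFilter` constructor staying package-private and the two classes staying in the same package.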


@ -2,3 +2,5 @@ authorization.security.domain=di.uoa.gr
authorization.security.session=openAIRESession
authorization.global-vars.buildDate=@timestampAuthorizationLibrary@
authorization.global-vars.version=@project.version@
springdoc.swagger-ui.path=/documentation/swagger-ui