Create OpenAIREAuthentication object. Get user Info supports new login service user Info implementation

master
parent 006e289b50
commit ae71a30dcc

@ -7,7 +7,7 @@
<version>1.0.0</version>
</parent>
<artifactId>uoa-authorization-library</artifactId>
<version>1.0.1-SNAPSHOT</version>
<version>2.0.0-SNAPSHOT</version>
<packaging>jar</packaging>
<scm>
<developerConnection>scm:svn:https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-authorization-library/trunk</developerConnection>

@ -6,7 +6,6 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
public class SecurityConfig {
private String userInfoUrl;
private String originServer;
public String getUserInfoUrl() {
return userInfoUrl;
@ -16,12 +15,8 @@ public class SecurityConfig {
this.userInfoUrl = userInfoUrl;
}
public String getOriginServer() {
return originServer;
/** @deprecated */
public boolean isDeprecated() {
return userInfoUrl.contains("accessToken");
}
public void setOriginServer(String originServer) {
this.originServer = originServer;
}
}

@ -1,6 +1,5 @@
package eu.dnetlib.uoaauthorizationlibrary.controllers;
import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
import eu.dnetlib.uoaauthorizationlibrary.configuration.GlobalVars;
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
import org.apache.log4j.Logger;
@ -36,17 +35,13 @@ public class AuthorizationLibraryCheckDeployController {
@RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)
public Map<String, String> checkEverything() {
Map<String, String> response = new HashMap<>();
response.put("authorization.security.userInfoUrl", securityConfig.getUserInfoUrl());
response.put("authorization.security.originServer", securityConfig.getOriginServer());
if(GlobalVars.date != null) {
response.put("Date of deploy", GlobalVars.date.toString());
}
if(globalVars.getBuildDate() != null) {
response.put("Date of build", globalVars.getBuildDate());
}
return response;
}
}

@ -3,44 +3,32 @@ package eu.dnetlib.uoaauthorizationlibrary.security;
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class AuthorizationFilter implements Filter {
private AuthorizationProvider authorizationProvider;
private AuthorizationUtils utils;
private final AuthorizationProvider authorizationProvider;
private final Logger log = Logger.getLogger(this.getClass());
@Autowired
AuthorizationFilter(AuthorizationProvider authorizationProvider, AuthorizationUtils utils) {
AuthorizationFilter(AuthorizationProvider authorizationProvider) {
this.authorizationProvider = authorizationProvider;
this.utils = utils;
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
public void init(FilterConfig filterConfig) throws ServletException {}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
String token = utils.getToken(request);
if (token != null) {
Authentication auth = authorizationProvider.getAuthentication(token);
if(auth != null) {
SecurityContextHolder.getContext().setAuthentication(auth);
}
OpenAIREAuthentication auth = authorizationProvider.getAuthentication((HttpServletRequest) req);
if(auth != null) {
SecurityContextHolder.getContext().setAuthentication(auth);
}
filterChain.doFilter(req, res);
}

@ -1,7 +1,6 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
@ -9,24 +8,20 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
public class AuthorizationFilterConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
private AuthorizationProvider authorizationProvider;
private AuthorizationUtils utils;
private final AuthorizationFilter filter;
@Override
public void init(HttpSecurity http) throws Exception {
http.csrf().disable();
}
@Autowired
public AuthorizationFilterConfigurer(AuthorizationProvider authorizationProvider, AuthorizationUtils utils) {
this.authorizationProvider = authorizationProvider;
this.utils = utils;
public AuthorizationFilterConfigurer(AuthorizationFilter filter) {
this.filter = filter;
}
@Override
public void configure(HttpSecurity http) throws Exception {
AuthorizationFilter customFilter = new AuthorizationFilter(authorizationProvider, utils);
http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);
}
}

@ -1,28 +1,27 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
@Component
public class AuthorizationProvider {
private UserDetailsServiceImpl userDetailsService;
private final AuthorizationUtils utils;
@Autowired
AuthorizationProvider(UserDetailsServiceImpl userDetailsService) {
this.userDetailsService = userDetailsService;
AuthorizationProvider(AuthorizationUtils utils) {
this.utils = utils;
}
public Authentication getAuthentication(String token) {
try {
UserDetails userDetails = userDetailsService.loadUserByUsername(token);
return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
} catch (UsernameNotFoundException e) {
return null;
}
public OpenAIREAuthentication getAuthentication(HttpServletRequest request) {
UserInfo user = utils.getUserInfo(request);
if(user != null) {
return new OpenAIREAuthentication(user);
}
return new OpenAIREAuthentication();
}
}

@ -1,10 +1,8 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
import org.apache.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
@ -71,27 +69,25 @@ public class AuthorizationService {
}
public List<String> getRoles() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null) {
OpenAIREAuthentication authentication = (OpenAIREAuthentication) SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.isAuthenticated()) {
return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
}
return new ArrayList<>();
}
public String getAaiId() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && (authentication.getPrincipal() instanceof User)) {
User user = (User) authentication.getPrincipal();
return user.getPassword();
OpenAIREAuthentication authentication = (OpenAIREAuthentication) SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.isAuthenticated()) {
return authentication.getUser().getSub();
}
return null;
}
public String getEmail() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && (authentication.getPrincipal() instanceof User)) {
User user = (User) authentication.getPrincipal();
return user.getUsername();
OpenAIREAuthentication authentication = (OpenAIREAuthentication) SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.isAuthenticated()) {
return authentication.getUser().getEmail();
}
return null;
}

@ -1,7 +1,5 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@ -9,13 +7,6 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
@Configuration
public class CorsConfig extends WebMvcConfigurerAdapter {
SecurityConfig securityConfig;
@Autowired
CorsConfig(SecurityConfig securityConfig) {
this.securityConfig = securityConfig;
}
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")

@ -0,0 +1,34 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
import org.springframework.security.authentication.AbstractAuthenticationToken;
public class OpenAIREAuthentication extends AbstractAuthenticationToken {
private final UserInfo user;
public OpenAIREAuthentication() {
super(null);
this.user = null;
setAuthenticated(false);
}
public OpenAIREAuthentication(UserInfo user) {
super(user.getAuthorities());
this.user = user;
setAuthenticated(true);
}
@Override
public Object getCredentials() {
return getUser().getSub();
}
@Override
public Object getPrincipal() {
return getUser();
}
public UserInfo getUser() {
return user;
}
}

@ -1,52 +0,0 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.List;
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
private AuthorizationUtils utils;
@Autowired
public UserDetailsServiceImpl(AuthorizationUtils utils) {
this.utils = utils;
}
private List<GrantedAuthority> getAuthorities(List<String> roles) {
List<GrantedAuthority> authorities = new ArrayList<>();
for(String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
return authorities;
}
@Override
public UserDetails loadUserByUsername(String token) throws UsernameNotFoundException {
final UserInfo user = utils.getUserInfo(token);
if (user == null) {
throw new UsernameNotFoundException("invalid token: " + token);
}
return org.springframework.security.core.userdetails.User
.withUsername(user.getEmail()).password(user.getSub())
.authorities(getAuthorities(user.getRoles()))
.accountExpired(false)
.accountLocked(false)
.credentialsExpired(false)
.disabled(false)
.build();
}
}

@ -14,18 +14,16 @@ import org.springframework.security.config.http.SessionCreationPolicy;
@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private AuthorizationProvider authorizationProvider;
private AuthorizationUtils utils;
private final AuthorizationFilter filter;
@Autowired
WebSecurityConfig(AuthorizationProvider authorizationProvider, AuthorizationUtils utils) {
this.authorizationProvider = authorizationProvider;
this.utils = utils;
WebSecurityConfig(AuthorizationFilter filter) {
this.filter = filter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.apply(new AuthorizationFilterConfigurer(authorizationProvider, utils));
http.apply(new AuthorizationFilterConfigurer(filter));
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests().anyRequest().permitAll();
http.httpBasic().authenticationEntryPoint(new EntryPoint());

@ -1,49 +1,33 @@
package eu.dnetlib.uoaauthorizationlibrary.utils;
import com.google.gson.Gson;
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.*;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Collections;
@Component
public class AuthorizationUtils {
private final Logger log = Logger.getLogger(this.getClass());
private SecurityConfig securityConfig;
private final SecurityConfig securityConfig;
@Autowired
AuthorizationUtils(SecurityConfig securityConfig) {
this.securityConfig = securityConfig;
}
public String getToken(HttpServletRequest request) {
return this.getCookie(request, "AccessToken");
}
public boolean checkCookies(HttpServletRequest request) {
boolean valid = true;
String cookieValue = this.getCookie(request, "AccessToken");
if (cookieValue == null || cookieValue.isEmpty()) {
log.info("no cookie available ");
valid = false;
}
return valid;
}
private String getCookie(HttpServletRequest request, String cookieName) {
private String getToken(HttpServletRequest request) {
if (request.getCookies() == null) {
return null;
}
for (Cookie c : request.getCookies()) {
if (c.getName().equals(cookieName)) {
if (c.getName().equals("AccessToken")) {
return c.getValue();
}
@ -51,67 +35,22 @@ public class AuthorizationUtils {
return null;
}
public UserInfo getUserInfo(String accessToken) {
String url = securityConfig.getUserInfoUrl() + accessToken;
try {
URL obj = new URL(url);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
if (con.getResponseCode() != 200) {
log.debug("User info response code is: " + con.getResponseCode());
return null;
}
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
StringBuilder response = new StringBuilder();
String inputLine;
while ((inputLine = in.readLine()) != null) {
response.append(inputLine).append("\n");
}
in.close();
return json2UserInfo(response.toString());
} catch (Exception e) {
log.error("An error occured while trying to fetch user info ", e);
return null;
}
}
private UserInfo json2UserInfo(String json) {
if (json == null) {
return null;
}
BufferedReader br = new BufferedReader(new StringReader(json));
//convert the json string back to object
Gson gson = new Gson();
UserInfo userInfo = null;
try {
userInfo = gson.fromJson(br, UserInfo.class);
} catch (Exception e) {
log.debug("Error in parsing json response. Given json is : " + json, e);
return null;
}
public UserInfo getUserInfo(HttpServletRequest request) {
String url = securityConfig.getUserInfoUrl() + (securityConfig.isDeprecated()?getToken(request):"");
RestTemplate restTemplate = new RestTemplate();
try {
if (userInfo != null && userInfo.getEdu_person_entitlements() != null) {
for (int i = 0; i < userInfo.getEdu_person_entitlements().size(); i++) {
String role = userInfo.getEdu_person_entitlements().get(i);
role = role.split(":")[role.split(":").length - 1];
role = role.replace("+", " ");
userInfo.getEdu_person_entitlements().set(i, role);
}
}
} catch (Exception e) {
log.debug("Error in parsing Edu_person_entitlements : ", e);
ResponseEntity<UserInfo> response = restTemplate.exchange(url, HttpMethod.GET, createHeaders(request), UserInfo.class);
return response.getBody();
} catch (RestClientException e) {
log.error(e.getMessage());
return null;
}
return userInfo;
}
public boolean isAuthorized(String token) {
UserInfo userInfo = getUserInfo(token);
if (userInfo != null) {
return true;
} else {
log.debug(" User has no Valid UserInfo");
return false;
}
private HttpEntity<HttpHeaders> createHeaders(HttpServletRequest request) {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
headers.set("Cookie", request.getHeader("Cookie"));
return new HttpEntity<>(headers);
}
}

@ -1,14 +1,18 @@
package eu.dnetlib.uoaauthorizationlibrary.utils;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import java.util.HashSet;
import java.util.Set;
public class UserInfo {
String sub;
String name;
String email;
List<String> edu_person_entitlements = new ArrayList<String>();
List<String> roles = new ArrayList<>();
private String sub;
private String name;
private String given_name;
private String family_name;
private String email;
private Set<String> roles;
@Override
public String toString() {
@ -16,7 +20,6 @@ public class UserInfo {
"sub='" + sub + '\'' +
"name='" + name + '\'' +
", email='" + email + '\'' +
", edu_person_entitlements=" + edu_person_entitlements +
", roles=" + roles +
'}';
}
@ -37,27 +40,43 @@ public class UserInfo {
this.name = name;
}
public String getEmail() {
return email;
public String getGiven_name() {
return given_name;
}
public void setEmail(String email) {
this.email = email;
public void setGiven_name(String given_name) {
this.given_name = given_name;
}
public List<String> getEdu_person_entitlements() {
return edu_person_entitlements;
public String getFamily_name() {
return family_name;
}
public void setEdu_person_entitlements(List<String> edu_person_entitlements) {
this.edu_person_entitlements = edu_person_entitlements;
public void setFamily_name(String family_name) {
this.family_name = family_name;
}
public List<String> getRoles() {
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public Set<String> getRoles() {
return roles;
}
public void setRoles(List<String> roles) {
public void setRoles(Set<String> roles) {
this.roles = roles;
}
public Set<GrantedAuthority> getAuthorities() {
Set<GrantedAuthority> authorities = new HashSet<>();
for(String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
return authorities;
}
}

@ -1,13 +1,9 @@
#dev
authorization.security.userInfoUrl = http://mpagasas.di.uoa.gr:8080/dnet-openaire-users-1.0.0-SNAPSHOT/api/users/getUserInfo?accessToken=
authorization.security.originServer = di.uoa.gr
authorization.globalVars.buildDate=@timestampAuthorizationLibrary@
#beta
#authorization.security.userInfoUrl = https://beta.services.openaire.eu/uoa-user-management/api/users/getUserInfo?accessToken=
#authorization.security.originServer = .openaire.eu
#production
#authorization.security.userInfoUrl = https://services.openaire.eu/uoa-user-management/api/users/getUserInfo?accessToken=
#authorization.security.originServer = .openaire.eu

@ -1,20 +0,0 @@
log4j.rootLogger = DEBUG, R
log4j.logger.eu.dnetlib = DEBUG
log4j.logger.org.springframework = DEBUG, S
log4j.additivity.org.springframework = false
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=/var/log/dnet/uoa-authorization-library/uoa-authorization-library.log
log4j.appender.R.MaxFileSize=10MB
log4j.appender.R.MaxBackupIndex=10
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern= %d %p %t [%c] - %m%n
log4j.appender.S=org.apache.log4j.RollingFileAppender
log4j.appender.S.File=/var/log/dnet/uoa-authorization-library/uoa-authorization-library-spring.log
log4j.appender.S.MaxFileSize=10MB
log4j.appender.S.MaxBackupIndex=10
log4j.appender.S.layout=org.apache.log4j.PatternLayout
log4j.appender.S.layout.ConversionPattern= %d %p %t [%c] - %m%n
Loading…
Cancel
Save