Add classifier to enable Redis Authorization. Default Stateless Authorization

pom.xml

@@ -48,6 +48,30 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-redis</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.session</groupId>
+			<artifactId>spring-session-data-redis</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>biz.paluch.redis</groupId>
+			<artifactId>lettuce</artifactId>
+			<version>4.3.3.Final</version>
+		</dependency>
+		<dependency>
+			<groupId>org.mitre</groupId>
+			<artifactId>openid-connect-client</artifactId>
+			<version>1.3.0</version>
+			<exclusions>
+				<exclusion>
+					<groupId>org.bouncycastle</groupId>
+					<artifactId>bcprov-jdk15on</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
 		<dependency>
 			<groupId>com.google.code.gson</groupId>
 			<artifactId>gson</artifactId>
@@ -61,6 +85,37 @@
     </dependencies>
 	<build>
 		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+				<executions>
+					<execution>
+						<id>default-jar</id>
+						<phase>package</phase>
+						<goals>
+							<goal>jar</goal>
+						</goals>
+						<configuration>
+							<excludes>
+								<exclude>**/eu/dnetlib/uoaauthorizationlibrary/redis/**</exclude>
+							</excludes>
+						</configuration>
+					</execution>
+					<execution>
+						<id>redis</id>
+						<phase>package</phase>
+						<goals>
+							<goal>jar</goal>
+						</goals>
+						<configuration>
+							<classifier>redis</classifier>
+							<excludes>
+								<exclude>**/eu/dnetlib/uoaauthorizationlibrary/stateless/**</exclude>
+							</excludes>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
         <finalName>uoa-authorization-library</finalName>
         <resources>

src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/Redis.java

@@ -0,0 +1,44 @@
+package eu.dnetlib.uoaauthorizationlibrary.configuration;
+
+public class Redis {
+
+    private String host = "localhost";
+    private String port = "6379";
+    private String password;
+
+    public Redis() {
+    }
+
+    public String getHost() {
+        return host;
+    }
+
+    public void setHost(String host) {
+        this.host = host;
+    }
+
+    public String getPort() {
+        return port;
+    }
+
+    public void setPort(String port) {
+        this.port = port;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    @Override
+    public String toString() {
+        return "Redis{" +
+                "host='" + host + '\'' +
+                ", port='" + port + '\'' +
+                ", password='" + password + '\'' +
+                '}';
+    }
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/SecurityConfig.java

@@ -5,9 +5,19 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 @ConfigurationProperties("authorization.security")
 public class SecurityConfig {
 
+    private Redis redis = new Redis();
     private String userInfoUrl;
+    private String domain;
     private String session;
 
+    public Redis getRedis() {
+        return redis;
+    }
+
+    public void setRedis(Redis redis) {
+        this.redis = redis;
+    }
+
     public String getUserInfoUrl() {
         return userInfoUrl;
     }
@@ -16,6 +26,14 @@ public class SecurityConfig {
         this.userInfoUrl = userInfoUrl;
     }
 
+    public String getDomain() {
+        return domain;
+    }
+
+    public void setDomain(String domain) {
+        this.domain = domain;
+    }
+
     public String getSession() {
         return session;
     }

src/main/java/eu/dnetlib/uoaauthorizationlibrary/controllers/AuthorizationLibraryCheckDeployController.java

@@ -27,16 +27,18 @@ public class AuthorizationLibraryCheckDeployController {
 
     @RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET)
     public String hello() {
-        log.debug("Hello from uoa-authorization-service!");
-        return "Hello from uoa-authorization-service!";
+        log.debug("Hello from uoa-authorization-library!");
+        return "Hello from uoa-authorization-library!";
     }
 
     @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
     @RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)
     public Map<String, String> checkEverything() {
         Map<String, String> response = new HashMap<>();
+        response.put("authorization.security.redis.host", securityConfig.getRedis().getHost());
         response.put("authorization.security.userInfoUrl", securityConfig.getUserInfoUrl());
         response.put("authorization.security.session", securityConfig.getSession());
+        response.put("authorization.security.domain", securityConfig.getDomain());
         if(GlobalVars.date != null) {
             response.put("Date of deploy", GlobalVars.date.toString());
         }

src/main/java/eu/dnetlib/uoaauthorizationlibrary/redis/configuration/RedisConfig.java

@@ -0,0 +1,39 @@
+package eu.dnetlib.uoaauthorizationlibrary.redis.configuration;
+
+import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.http.CookieSerializer;
+import org.springframework.session.web.http.DefaultCookieSerializer;
+
+@EnableRedisHttpSession
+@Configuration
+public class RedisConfig {
+
+    private final SecurityConfig securityConfig;
+    private static final Logger logger = Logger.getLogger(RedisConfig.class);
+
+    @Autowired
+    public RedisConfig(SecurityConfig securityConfig) {this.securityConfig = securityConfig;}
+
+    @Bean
+    public LettuceConnectionFactory connectionFactory() {
+        logger.info(String.format("Redis connection listens to %s:%s ", securityConfig.getRedis().getHost(), securityConfig.getRedis().getPort()));
+        LettuceConnectionFactory factory = new LettuceConnectionFactory(securityConfig.getRedis().getHost(), Integer.parseInt(securityConfig.getRedis().getPort()));
+        if (securityConfig.getRedis().getPassword() != null) factory.setPassword(securityConfig.getRedis().getPassword());
+        return factory;
+    }
+
+    @Bean
+    public CookieSerializer cookieSerializer() {
+        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
+        serializer.setCookieName(securityConfig.getSession());
+        serializer.setCookiePath("/");
+        serializer.setDomainName(securityConfig.getDomain());
+        return serializer;
+    }
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/redis/security/WebSecurityConfig.java

@@ -0,0 +1,20 @@
+package eu.dnetlib.uoaauthorizationlibrary.redis.security;
+
+import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable();
+        http.authorizeRequests().anyRequest().permitAll();
+        http.httpBasic().authenticationEntryPoint(new EntryPoint());
+    }
+
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationService.java

@@ -1,6 +1,7 @@
 package eu.dnetlib.uoaauthorizationlibrary.security;
 
 import org.apache.log4j.Logger;
+import org.mitre.openid.connect.model.OIDCAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -70,7 +71,7 @@ public class AuthorizationService {
     }
 
     public List<String> getRoles() {
-        OpenAIREAuthentication authentication = getAuthentication();
+        Authentication authentication = getAuthentication();
         if (authentication != null && authentication.isAuthenticated()) {
             return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
         }
@@ -78,25 +79,33 @@ public class AuthorizationService {
     }
 
     public String getAaiId() {
-        OpenAIREAuthentication authentication = getAuthentication();
+        Authentication authentication = getAuthentication();
         if (authentication != null && authentication.isAuthenticated()) {
-            return authentication.getUser().getSub();
+            if(authentication instanceof OpenAIREAuthentication) {
+                return ((OpenAIREAuthentication) authentication).getUser().getSub();
+            } else {
+                return ((OIDCAuthenticationToken) authentication).getUserInfo().getSub();
+            }
         }
         return null;
     }
 
     public String getEmail() {
-        OpenAIREAuthentication authentication = getAuthentication();
+        Authentication authentication = getAuthentication();
         if (authentication != null && authentication.isAuthenticated()) {
-            return authentication.getUser().getEmail();
+            if(authentication instanceof OpenAIREAuthentication) {
+                return ((OpenAIREAuthentication) authentication).getUser().getEmail();
+            } else {
+                return ((OIDCAuthenticationToken) authentication).getUserInfo().getEmail();
+            }
         }
         return null;
     }
 
-    private OpenAIREAuthentication getAuthentication() {
+    private Authentication getAuthentication() {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        if(authentication instanceof OpenAIREAuthentication) {
-            return (OpenAIREAuthentication) authentication;
+        if(authentication instanceof OpenAIREAuthentication || authentication instanceof OIDCAuthenticationToken) {
+            return authentication;
         } else {
             return null;
         }

src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/OpenAIREAuthentication.java

@@ -1,6 +1,6 @@
 package eu.dnetlib.uoaauthorizationlibrary.security;
 
-import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
+import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 
 public class OpenAIREAuthentication extends AbstractAuthenticationToken {

src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/AuthorizationFilter.java

@@ -1,6 +1,6 @@
-package eu.dnetlib.uoaauthorizationlibrary.security;
+package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
 
-import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
+import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
 import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/AuthorizationFilterConfigurer.java

@@ -1,6 +1,5 @@
-package eu.dnetlib.uoaauthorizationlibrary.security;
+package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
 
-import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
 import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.DefaultSecurityFilterChain;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/AuthorizationProvider.java

@@ -1,7 +1,8 @@
-package eu.dnetlib.uoaauthorizationlibrary.security;
+package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
 
-import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
-import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
+import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
+import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.AuthorizationUtils;
+import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 

src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/WebSecurityConfig.java

@@ -1,8 +1,7 @@
-package eu.dnetlib.uoaauthorizationlibrary.security;
+package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
 
-import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
+import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.ComponentScan;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -11,7 +10,6 @@ import org.springframework.security.config.http.SessionCreationPolicy;
 
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 @EnableWebSecurity
-@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     private final AuthorizationFilter filter;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/utils/AuthorizationUtils.java

@@ -1,4 +1,4 @@
-package eu.dnetlib.uoaauthorizationlibrary.utils;
+package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
 
 import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
 import org.apache.log4j.Logger;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/utils/UserInfo.java

@@ -1,4 +1,4 @@
-package eu.dnetlib.uoaauthorizationlibrary.utils;
+package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;

src/main/resources/authorization.properties

@@ -1,5 +1,7 @@
 #dev
+spring.session.store-type=none
 authorization.security.userInfoUrl = http://mpagasas.di.uoa.gr:8080/login-service/userInfo
+authorization.security.domain=di.uoa.gr
 authorization.security.session=openAIRESession
 authorization.globalVars.buildDate=@timestampAuthorizationLibrary@
 authorization.globalVars.version=@project.version@