Add classifier to enable Redis Authorization. Default Stateless Authorization
parent
38ac5d60ea
commit
b30fb5fd0b
55
pom.xml
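--- a/pom.xml
+++ b/pom.xml
@@ -48,6 +48,30 @@
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-security</artifactId>
 </dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-data-redis</artifactId>
+</dependency>
+<dependency>
+<groupId>org.springframework.session</groupId>
+<artifactId>spring-session-data-redis</artifactId>
+</dependency>
+<dependency>
+<groupId>biz.paluch.redis</groupId>
+<artifactId>lettuce</artifactId>
+<version>4.3.3.Final</version>
+</dependency>
+<dependency>
+<groupId>org.mitre</groupId>
+<artifactId>openid-connect-client</artifactId>
+<version>1.3.0</version>
+<exclusions>
+<exclusion>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcprov-jdk15on</artifactId>
+</exclusion>
+</exclusions>
+</dependency>
 <dependency>
 <groupId>com.google.code.gson</groupId>
 <artifactId>gson</artifactId>
@@ -61,6 +85,37 @@
 </dependencies>
 <build>
 <plugins>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-jar-plugin</artifactId>
+<executions>
+<execution>
+<id>default-jar</id>
+<phase>package</phase>
+<goals>
+<goal>jar</goal>
+</goals>
+<configuration>
+<excludes>
+<exclude>**/eu/dnetlib/uoaauthorizationlibrary/redis/**</exclude>
+</excludes>
+</configuration>
+</execution>
+<execution>
+<id>redis</id>
+<phase>package</phase>
+<goals>
+<goal>jar</goal>
+</goals>
+<configuration>
+<classifier>redis</classifier>
+<excludes>
+<exclude>**/eu/dnetlib/uoaauthorizationlibrary/stateless/**</exclude>
+</excludes>
+</configuration>
+</execution>
+</executions>
+</plugin>
 </plugins>
 <finalName>uoa-authorization-library</finalName>
 <resources>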
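Review bot: The three Redis dependencies added in the first hunk (`spring-boot-starter-data-redis`, `spring-session-data-redis`, `lettuce`) sit in the shared POM, so they also reach consumers of the default stateless jar, even though the `default-jar` execution excludes the `redis/**` classes from it. A classifier artifact shares the main artifact's POM, so consider `<optional>true</optional>` on those three; redis consumers would then declare them themselves, which needs documenting. `openid-connect-client` looks like it has to stay non-optional, because the shared `AuthorizationService` in this commit imports `OIDCAuthenticationToken`. The `bcprov-jdk15on` exclusion deserves a one-line XML comment stating which Bouncy Castle artifact is expected on the classpath instead.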
|
@ -0,0 +1,44 @@
|
||||||
|
package eu.dnetlib.uoaauthorizationlibrary.configuration;
|
||||||
|
|
||||||
|
public class Redis {
|
||||||
|
|
||||||
|
private String host = "localhost";
|
||||||
|
private String port = "6379";
|
||||||
|
private String password;
|
||||||
|
|
||||||
|
public Redis() {
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getHost() {
|
||||||
|
return host;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setHost(String host) {
|
||||||
|
this.host = host;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getPort() {
|
||||||
|
return port;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setPort(String port) {
|
||||||
|
this.port = port;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getPassword() {
|
||||||
|
return password;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setPassword(String password) {
|
||||||
|
this.password = password;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString() {
|
||||||
|
return "Redis{" +
|
||||||
|
"host='" + host + '\'' +
|
||||||
|
", port='" + port + '\'' +
|
||||||
|
", password='" + password + '\'' +
|
||||||
|
'}';
|
||||||
|
}
|
||||||
|
}
|
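Review bot: `toString()` in the new `Redis` class concatenates `password` into its output, so any log line, exception message or debug dump that prints the configuration object writes the Redis credential in clear text. Mask the field instead, e.g. `", password='" + (password != null ? "***" : null) + '\'' +`. Separately, `port` is held as a `String` and only parsed later by its caller; typing it as `int` would let Spring's property binding reject a non-numeric value at startup with a clear message.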
|
@ -5,9 +5,19 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||||
@ConfigurationProperties("authorization.security")
|
@ConfigurationProperties("authorization.security")
|
||||||
public class SecurityConfig {
|
public class SecurityConfig {
|
||||||
|
|
||||||
|
private Redis redis = new Redis();
|
||||||
private String userInfoUrl;
|
private String userInfoUrl;
|
||||||
|
private String domain;
|
||||||
private String session;
|
private String session;
|
||||||
|
|
||||||
|
public Redis getRedis() {
|
||||||
|
return redis;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRedis(Redis redis) {
|
||||||
|
this.redis = redis;
|
||||||
|
}
|
||||||
|
|
||||||
public String getUserInfoUrl() {
|
public String getUserInfoUrl() {
|
||||||
return userInfoUrl;
|
return userInfoUrl;
|
||||||
}
|
}
|
||||||
|
@ -16,6 +26,14 @@ public class SecurityConfig {
|
||||||
this.userInfoUrl = userInfoUrl;
|
this.userInfoUrl = userInfoUrl;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getDomain() {
|
||||||
|
return domain;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setDomain(String domain) {
|
||||||
|
this.domain = domain;
|
||||||
|
}
|
||||||
|
|
||||||
public String getSession() {
|
public String getSession() {
|
||||||
return session;
|
return session;
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,16 +27,18 @@ public class AuthorizationLibraryCheckDeployController {
|
||||||
|
|
||||||
@RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET)
|
@RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET)
|
||||||
public String hello() {
|
public String hello() {
|
||||||
log.debug("Hello from uoa-authorization-service!");
|
log.debug("Hello from uoa-authorization-library!");
|
||||||
return "Hello from uoa-authorization-service!";
|
return "Hello from uoa-authorization-library!";
|
||||||
}
|
}
|
||||||
|
|
||||||
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
||||||
@RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)
|
@RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)
|
||||||
public Map<String, String> checkEverything() {
|
public Map<String, String> checkEverything() {
|
||||||
Map<String, String> response = new HashMap<>();
|
Map<String, String> response = new HashMap<>();
|
||||||
|
response.put("authorization.security.redis.host", securityConfig.getRedis().getHost());
|
||||||
response.put("authorization.security.userInfoUrl", securityConfig.getUserInfoUrl());
|
response.put("authorization.security.userInfoUrl", securityConfig.getUserInfoUrl());
|
||||||
response.put("authorization.security.session", securityConfig.getSession());
|
response.put("authorization.security.session", securityConfig.getSession());
|
||||||
|
response.put("authorization.security.domain", securityConfig.getDomain());
|
||||||
if(GlobalVars.date != null) {
|
if(GlobalVars.date != null) {
|
||||||
response.put("Date of deploy", GlobalVars.date.toString());
|
response.put("Date of deploy", GlobalVars.date.toString());
|
||||||
}
|
}
|
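Review bot: `checkEverything()` now returns `authorization.security.redis.host` unconditionally, so a stateless deployment reports the `localhost` default from `Redis` even though no Redis is in use, which is misleading when someone reads this output during troubleshooting. Consider adding the entry only when the Redis variant is active. The hunk rightly keeps the Redis password out of the response; a short comment above the `response.put(...)` lines, such as `// never add credentials or tokens to this map`, would protect later additions. The method body continues past the end of the hunk.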
||||||
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
package eu.dnetlib.uoaauthorizationlibrary.redis.configuration;
|
||||||
|
|
||||||
|
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
|
||||||
|
import org.apache.log4j.Logger;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
|
||||||
|
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
|
||||||
|
import org.springframework.session.web.http.CookieSerializer;
|
||||||
|
import org.springframework.session.web.http.DefaultCookieSerializer;
|
||||||
|
|
||||||
|
@EnableRedisHttpSession
|
||||||
|
@Configuration
|
||||||
|
public class RedisConfig {
|
||||||
|
|
||||||
|
private final SecurityConfig securityConfig;
|
||||||
|
private static final Logger logger = Logger.getLogger(RedisConfig.class);
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
public RedisConfig(SecurityConfig securityConfig) {this.securityConfig = securityConfig;}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public LettuceConnectionFactory connectionFactory() {
|
||||||
|
logger.info(String.format("Redis connection listens to %s:%s ", securityConfig.getRedis().getHost(), securityConfig.getRedis().getPort()));
|
||||||
|
LettuceConnectionFactory factory = new LettuceConnectionFactory(securityConfig.getRedis().getHost(), Integer.parseInt(securityConfig.getRedis().getPort()));
|
||||||
|
if (securityConfig.getRedis().getPassword() != null) factory.setPassword(securityConfig.getRedis().getPassword());
|
||||||
|
return factory;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public CookieSerializer cookieSerializer() {
|
||||||
|
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
|
||||||
|
serializer.setCookieName(securityConfig.getSession());
|
||||||
|
serializer.setCookiePath("/");
|
||||||
|
serializer.setDomainName(securityConfig.getDomain());
|
||||||
|
return serializer;
|
||||||
|
}
|
||||||
|
}
|
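Review bot: `cookieSerializer()` scopes the session cookie to `securityConfig.getDomain()` with path `/` but never sets the Secure attribute explicitly, so whether the cookie is limited to HTTPS depends on what the container reports per request; behind a TLS-terminating proxy that may be plain HTTP. Adding `serializer.setUseSecureCookie(true);` (configurable for local development if needed) removes that dependency. A comment should also state that a parent-domain value such as the `di.uoa.gr` default sends the session id to every host under that domain. In `connectionFactory()`, `Integer.parseInt(securityConfig.getRedis().getPort())` fails with a bare `NumberFormatException` on a malformed property. The connection is also created without TLS; `factory.setUseSsl(true);` is worth considering if Redis is reached over a network that is not fully trusted and the Spring Data Redis version in use provides it.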
|
@ -0,0 +1,20 @@
|
||||||
|
package eu.dnetlib.uoaauthorizationlibrary.redis.security;
|
||||||
|
|
||||||
|
import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
|
||||||
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
|
|
||||||
|
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
||||||
|
@EnableWebSecurity
|
||||||
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
http.csrf().disable();
|
||||||
|
http.authorizeRequests().anyRequest().permitAll();
|
||||||
|
http.httpBasic().authenticationEntryPoint(new EntryPoint());
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
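Review bot: `http.csrf().disable()` is applied here to the variant that authenticates through a browser session cookie (`@EnableRedisHttpSession` in `RedisConfig`), which is exactly the case CSRF protection exists for, because the browser attaches that cookie to cross-site requests automatically. Unless every state-changing endpoint is protected some other way, keep CSRF enabled, for example `http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());`, or document in a comment why it is safe to turn off. `anyRequest().permitAll()` also means access control rests entirely on method-level annotations such as `@PreAuthorize`, so an endpoint added without one is public; a comment on `configure` should say so.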
|
@ -1,6 +1,7 @@
|
||||||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
package eu.dnetlib.uoaauthorizationlibrary.security;
|
||||||
|
|
||||||
import org.apache.log4j.Logger;
|
import org.apache.log4j.Logger;
|
||||||
|
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
@ -70,7 +71,7 @@ public class AuthorizationService {
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<String> getRoles() {
|
public List<String> getRoles() {
|
||||||
OpenAIREAuthentication authentication = getAuthentication();
|
Authentication authentication = getAuthentication();
|
||||||
if (authentication != null && authentication.isAuthenticated()) {
|
if (authentication != null && authentication.isAuthenticated()) {
|
||||||
return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
|
return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
@ -78,25 +79,33 @@ public class AuthorizationService {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getAaiId() {
|
public String getAaiId() {
|
||||||
OpenAIREAuthentication authentication = getAuthentication();
|
Authentication authentication = getAuthentication();
|
||||||
if (authentication != null && authentication.isAuthenticated()) {
|
if (authentication != null && authentication.isAuthenticated()) {
|
||||||
return authentication.getUser().getSub();
|
if(authentication instanceof OpenAIREAuthentication) {
|
||||||
|
return ((OpenAIREAuthentication) authentication).getUser().getSub();
|
||||||
|
} else {
|
||||||
|
return ((OIDCAuthenticationToken) authentication).getUserInfo().getSub();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getEmail() {
|
public String getEmail() {
|
||||||
OpenAIREAuthentication authentication = getAuthentication();
|
Authentication authentication = getAuthentication();
|
||||||
if (authentication != null && authentication.isAuthenticated()) {
|
if (authentication != null && authentication.isAuthenticated()) {
|
||||||
return authentication.getUser().getEmail();
|
if(authentication instanceof OpenAIREAuthentication) {
|
||||||
|
return ((OpenAIREAuthentication) authentication).getUser().getEmail();
|
||||||
|
} else {
|
||||||
|
return ((OIDCAuthenticationToken) authentication).getUserInfo().getEmail();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
private OpenAIREAuthentication getAuthentication() {
|
private Authentication getAuthentication() {
|
||||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||||
if(authentication instanceof OpenAIREAuthentication) {
|
if(authentication instanceof OpenAIREAuthentication || authentication instanceof OIDCAuthenticationToken) {
|
||||||
return (OpenAIREAuthentication) authentication;
|
return authentication;
|
||||||
} else {
|
} else {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
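Review bot: In `getAaiId()` and `getEmail()` the new `else` branch dereferences `((OIDCAuthenticationToken) authentication).getUserInfo()` without a null check, and the same holds for `getUser()` on the `OpenAIREAuthentication` branch. If a token reaches these methods without user info attached, both throw `NullPointerException` instead of returning `null` as they do for an unauthenticated caller. Read the user-info object into a local and return `null` when it is absent. The `instanceof`/cast pair is now duplicated in both methods, so a small private helper that resolves the user-info source from the `Authentication` would keep the two in step. `getAuthentication()` continues past the end of the last hunk.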
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
package eu.dnetlib.uoaauthorizationlibrary.security;
|
||||||
|
|
||||||
import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
|
import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
|
||||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||||
|
|
||||||
public class OpenAIREAuthentication extends AbstractAuthenticationToken {
|
public class OpenAIREAuthentication extends AbstractAuthenticationToken {
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
|
||||||
|
|
||||||
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
|
import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
|
||||||
import org.apache.log4j.Logger;
|
import org.apache.log4j.Logger;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
|
@ -1,6 +1,5 @@
|
||||||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
|
||||||
|
|
||||||
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
|
|
||||||
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
|
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
import org.springframework.security.web.DefaultSecurityFilterChain;
|
|
@ -1,7 +1,8 @@
|
||||||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
|
||||||
|
|
||||||
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
|
import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
|
||||||
import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
|
import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.AuthorizationUtils;
|
||||||
|
import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
|
@ -1,8 +1,7 @@
|
||||||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
|
||||||
|
|
||||||
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
|
import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.context.annotation.ComponentScan;
|
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
|
@ -11,7 +10,6 @@ import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
|
|
||||||
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
|
|
||||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
private final AuthorizationFilter filter;
|
private final AuthorizationFilter filter;
|
|
@ -1,4 +1,4 @@
|
||||||
package eu.dnetlib.uoaauthorizationlibrary.utils;
|
package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
|
||||||
|
|
||||||
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
|
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
|
||||||
import org.apache.log4j.Logger;
|
import org.apache.log4j.Logger;
|
|
@ -1,4 +1,4 @@
|
||||||
package eu.dnetlib.uoaauthorizationlibrary.utils;
|
package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
|
||||||
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
|
@ -1,5 +1,7 @@
|
||||||
#dev
|
#dev
|
||||||
|
spring.session.store-type=none
|
||||||
authorization.security.userInfoUrl = http://mpagasas.di.uoa.gr:8080/login-service/userInfo
|
authorization.security.userInfoUrl = http://mpagasas.di.uoa.gr:8080/login-service/userInfo
|
||||||
|
authorization.security.domain=di.uoa.gr
|
||||||
authorization.security.session=openAIRESession
|
authorization.security.session=openAIRESession
|
||||||
authorization.globalVars.buildDate=@timestampAuthorizationLibrary@
|
authorization.globalVars.buildDate=@timestampAuthorizationLibrary@
|
||||||
authorization.globalVars.version=@project.version@
|
authorization.globalVars.version=@project.version@
|
||||||
|
|