Add classifier to enable Redis Authorization. Default Stateless Authorization

This commit is contained in:
Konstantinos Triantafyllou 2021-12-07 09:23:36 +00:00
parent 38ac5d60ea
commit b30fb5fd0b
15 changed files with 211 additions and 24 deletions

55
pom.xml
View File

@ -48,6 +48,30 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
<dependency>
<groupId>biz.paluch.redis</groupId>
<artifactId>lettuce</artifactId>
<version>4.3.3.Final</version>
</dependency>
<dependency>
<groupId>org.mitre</groupId>
<artifactId>openid-connect-client</artifactId>
<version>1.3.0</version>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
@ -61,6 +85,37 @@
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<id>default-jar</id>
<phase>package</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<excludes>
<exclude>**/eu/dnetlib/uoaauthorizationlibrary/redis/**</exclude>
</excludes>
</configuration>
</execution>
<execution>
<id>redis</id>
<phase>package</phase>
<goals>
<goal>jar</goal>
</goals>
<configuration>
<classifier>redis</classifier>
<excludes>
<exclude>**/eu/dnetlib/uoaauthorizationlibrary/stateless/**</exclude>
</excludes>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
<finalName>uoa-authorization-library</finalName>
<resources>

View File

@ -0,0 +1,44 @@
package eu.dnetlib.uoaauthorizationlibrary.configuration;
public class Redis {
private String host = "localhost";
private String port = "6379";
private String password;
public Redis() {
}
public String getHost() {
return host;
}
public void setHost(String host) {
this.host = host;
}
public String getPort() {
return port;
}
public void setPort(String port) {
this.port = port;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
@Override
public String toString() {
return "Redis{" +
"host='" + host + '\'' +
", port='" + port + '\'' +
", password='" + password + '\'' +
'}';
}
}

View File

@ -5,9 +5,19 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
@ConfigurationProperties("authorization.security")
public class SecurityConfig {
private Redis redis = new Redis();
private String userInfoUrl;
private String domain;
private String session;
public Redis getRedis() {
return redis;
}
public void setRedis(Redis redis) {
this.redis = redis;
}
public String getUserInfoUrl() {
return userInfoUrl;
}
@ -16,6 +26,14 @@ public class SecurityConfig {
this.userInfoUrl = userInfoUrl;
}
public String getDomain() {
return domain;
}
public void setDomain(String domain) {
this.domain = domain;
}
public String getSession() {
return session;
}

View File

@ -27,16 +27,18 @@ public class AuthorizationLibraryCheckDeployController {
@RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET)
public String hello() {
log.debug("Hello from uoa-authorization-service!");
return "Hello from uoa-authorization-service!";
log.debug("Hello from uoa-authorization-library!");
return "Hello from uoa-authorization-library!";
}
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
@RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)
public Map<String, String> checkEverything() {
Map<String, String> response = new HashMap<>();
response.put("authorization.security.redis.host", securityConfig.getRedis().getHost());
response.put("authorization.security.userInfoUrl", securityConfig.getUserInfoUrl());
response.put("authorization.security.session", securityConfig.getSession());
response.put("authorization.security.domain", securityConfig.getDomain());
if(GlobalVars.date != null) {
response.put("Date of deploy", GlobalVars.date.toString());
}

View File

@ -0,0 +1,39 @@
package eu.dnetlib.uoaauthorizationlibrary.redis.configuration;
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;
@EnableRedisHttpSession
@Configuration
public class RedisConfig {
private final SecurityConfig securityConfig;
private static final Logger logger = Logger.getLogger(RedisConfig.class);
@Autowired
public RedisConfig(SecurityConfig securityConfig) {this.securityConfig = securityConfig;}
@Bean
public LettuceConnectionFactory connectionFactory() {
logger.info(String.format("Redis connection listens to %s:%s ", securityConfig.getRedis().getHost(), securityConfig.getRedis().getPort()));
LettuceConnectionFactory factory = new LettuceConnectionFactory(securityConfig.getRedis().getHost(), Integer.parseInt(securityConfig.getRedis().getPort()));
if (securityConfig.getRedis().getPassword() != null) factory.setPassword(securityConfig.getRedis().getPassword());
return factory;
}
@Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setCookieName(securityConfig.getSession());
serializer.setCookiePath("/");
serializer.setDomainName(securityConfig.getDomain());
return serializer;
}
}

View File

@ -0,0 +1,20 @@
package eu.dnetlib.uoaauthorizationlibrary.redis.security;
import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests().anyRequest().permitAll();
http.httpBasic().authenticationEntryPoint(new EntryPoint());
}
}

View File

@ -1,6 +1,7 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
@ -70,7 +71,7 @@ public class AuthorizationService {
}
public List<String> getRoles() {
OpenAIREAuthentication authentication = getAuthentication();
Authentication authentication = getAuthentication();
if (authentication != null && authentication.isAuthenticated()) {
return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
}
@ -78,25 +79,33 @@ public class AuthorizationService {
}
public String getAaiId() {
OpenAIREAuthentication authentication = getAuthentication();
Authentication authentication = getAuthentication();
if (authentication != null && authentication.isAuthenticated()) {
return authentication.getUser().getSub();
if(authentication instanceof OpenAIREAuthentication) {
return ((OpenAIREAuthentication) authentication).getUser().getSub();
} else {
return ((OIDCAuthenticationToken) authentication).getUserInfo().getSub();
}
}
return null;
}
public String getEmail() {
OpenAIREAuthentication authentication = getAuthentication();
Authentication authentication = getAuthentication();
if (authentication != null && authentication.isAuthenticated()) {
return authentication.getUser().getEmail();
if(authentication instanceof OpenAIREAuthentication) {
return ((OpenAIREAuthentication) authentication).getUser().getEmail();
} else {
return ((OIDCAuthenticationToken) authentication).getUserInfo().getEmail();
}
}
return null;
}
private OpenAIREAuthentication getAuthentication() {
private Authentication getAuthentication() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if(authentication instanceof OpenAIREAuthentication) {
return (OpenAIREAuthentication) authentication;
if(authentication instanceof OpenAIREAuthentication || authentication instanceof OIDCAuthenticationToken) {
return authentication;
} else {
return null;
}

View File

@ -1,6 +1,6 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
import org.springframework.security.authentication.AbstractAuthenticationToken;
public class OpenAIREAuthentication extends AbstractAuthenticationToken {

View File

@ -1,6 +1,6 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;

View File

@ -1,6 +1,5 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;

View File

@ -1,7 +1,8 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.AuthorizationUtils;
import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

View File

@ -1,8 +1,7 @@
package eu.dnetlib.uoaauthorizationlibrary.security;
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@ -11,7 +10,6 @@ import org.springframework.security.config.http.SessionCreationPolicy;
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity
@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final AuthorizationFilter filter;

View File

@ -1,4 +1,4 @@
package eu.dnetlib.uoaauthorizationlibrary.utils;
package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
import org.apache.log4j.Logger;

View File

@ -1,4 +1,4 @@
package eu.dnetlib.uoaauthorizationlibrary.utils;
package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

View File

@ -1,5 +1,7 @@
#dev
spring.session.store-type=none
authorization.security.userInfoUrl = http://mpagasas.di.uoa.gr:8080/login-service/userInfo
authorization.security.domain=di.uoa.gr
authorization.security.session=openAIRESession
authorization.globalVars.buildDate=@timestampAuthorizationLibrary@
authorization.globalVars.version=@project.version@