|
@ -0,0 +1,69 @@
|
|||
# ---> Java
|
||||
# Compiled class file
|
||||
*.class
|
||||
|
||||
# Log file
|
||||
*.log
|
||||
|
||||
# BlueJ files
|
||||
*.ctxt
|
||||
|
||||
# Mobile Tools for Java (J2ME)
|
||||
.mtj.tmp/
|
||||
|
||||
# Package Files #
|
||||
*.jar
|
||||
*.war
|
||||
*.nar
|
||||
*.ear
|
||||
*.zip
|
||||
*.tar.gz
|
||||
*.rar
|
||||
|
||||
# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
|
||||
hs_err_pid*
|
||||
|
||||
# ---> JetBrains
|
||||
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
|
||||
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
|
||||
|
||||
# User-specific stuff
|
||||
.idea/
|
||||
target/
|
||||
|
||||
# CMake
|
||||
cmake-build-*/
|
||||
|
||||
# Mongo Explorer plugin
|
||||
.idea/**/mongoSettings.xml
|
||||
|
||||
# File-based project format
|
||||
*.iws
|
||||
|
||||
# IntelliJ
|
||||
out/
|
||||
|
||||
# mpeltonen/sbt-idea plugin
|
||||
.idea_modules/
|
||||
|
||||
# JIRA plugin
|
||||
atlassian-ide-plugin.xml
|
||||
|
||||
# Cursive Clojure plugin
|
||||
.idea/replstate.xml
|
||||
|
||||
# Crashlytics plugin (for Android Studio and IntelliJ)
|
||||
com_crashlytics_export_strings.xml
|
||||
crashlytics.properties
|
||||
crashlytics-build.properties
|
||||
fabric.properties
|
||||
|
||||
# Editor-based Rest Client
|
||||
.idea/httpRequests
|
||||
|
||||
# Android studio 3.1+ serialized cache file
|
||||
.idea/caches/build_file_checksums.ser
|
||||
|
||||
# Local Deployment scripts
|
||||
make.sh
|
||||
dnet-role-management.iml
|
|
@ -0,0 +1,152 @@
|
|||
# Authorization Library
|
||||
|
||||
Authorization library is a library that provides a Spring Security (4.x.x) process
|
||||
in order to authorize the endpoints of a service base on OpenAIRE Authorities.
|
||||
It can be used with two different session strategies, a stateless and
|
||||
a Redis http session.
|
||||
|
||||
## Stateless
|
||||
|
||||
In stateless strategy, there is not a session. A filter makes a request
|
||||
to an "userinfo" endpoint and creates an Authentication base on the response.
|
||||
The advantage of this method is that it doesn't need any storage to store
|
||||
user's session, but with a cost of an extra http request per request.
|
||||
|
||||
### Usage
|
||||
|
||||
#### pom.xml
|
||||
|
||||
<dependency>
|
||||
<groupId>eu.dnetlib</groupId>
|
||||
<artifactId>uoa-authorization-library</artifactId>
|
||||
<version>2.1.2</version>
|
||||
</dependency>
|
||||
|
||||
#### Spring Application/Configuration
|
||||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
|
||||
|
||||
@PropertySources({@PropertySource("classpath:authorization.properties")})
|
||||
@Import(AuthorizationConfiguration.class)
|
||||
public class Application {
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(Application.class, args);
|
||||
}
|
||||
}
|
||||
|
||||
#### Configuration
|
||||
|
||||
authorization.security.userInfoUrl = http://<domain>/login-service/userInfo # Required, default ""
|
||||
authorization.security.session=<session-cookie-name> # Default openAIRESession
|
||||
|
||||
## Redis
|
||||
|
||||
In Redis strategy, session is stored to a Redis database when a user
|
||||
authenticates himself through a login service. The disadvantage of
|
||||
this strategy is that it needs access to the Redis database
|
||||
where session is stored.
|
||||
|
||||
### Usage
|
||||
|
||||
#### pom.xml
|
||||
|
||||
<dependency>
|
||||
<groupId>eu.dnetlib</groupId>
|
||||
<artifactId>uoa-authorization-library</artifactId>
|
||||
<version>2.1.2</version>
|
||||
<classifier>redis</classifier>
|
||||
</dependency>
|
||||
|
||||
#### Spring Application/Configuration
|
||||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
|
||||
|
||||
@PropertySources({@PropertySource("classpath:authorization.properties")})
|
||||
@Import(AuthorizationConfiguration.class)
|
||||
public class Application {
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(Application.class, args);
|
||||
}
|
||||
}
|
||||
|
||||
#### Configuration
|
||||
|
||||
authorization.secuirty.redis.host=<redis-ip> # Default localhost
|
||||
authorization.secuirty.redis.port=<redis-port> # Default 6379
|
||||
authorization.secuirty.redis.password=<redis-password> # Default ""
|
||||
authorization.security.domain=<domain-suffix> # e.g openaire.eu
|
||||
authorization.security.session=<session-cookie-name> # Default openAIRESession
|
||||
|
||||
|
||||
## Authorize Requests
|
||||
|
||||
### Authorization Service
|
||||
|
||||
In order to simplify the format of the Authorities, you can use
|
||||
this spring component to authorize your endpoints. There is also methods to
|
||||
get user's information.
|
||||
|
||||
public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";
|
||||
public final String ANONYMOUS_USER = "ROLE_ANONYMOUS";
|
||||
public final String REGISTERED_USER = "REGISTERED_USER";
|
||||
|
||||
/**
|
||||
* Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
|
||||
*/
|
||||
public String curator(String type) {}
|
||||
|
||||
/**
|
||||
* Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
|
||||
*
|
||||
* Id = EE, EGI, etc
|
||||
*/
|
||||
public String manager(String type, String id) { }
|
||||
|
||||
/**
|
||||
* Type = FUNDER | COMMUNITY | RI | INSTITUTION | PROJECT
|
||||
*
|
||||
* Id = EE, EGI, etc
|
||||
*/
|
||||
public String member(String type, String id)
|
||||
|
||||
e.g
|
||||
|
||||
@PreAuthorize("hasAnyAuthority("
|
||||
+ "@AuthorizationService.PORTAL_ADMIN, "
|
||||
+ "@AuthorizationService.curator(#type), "
|
||||
+ "@AuthorizationService.manager(#type, #id)) "
|
||||
+ ")")
|
||||
@RequestMapping(value = "{type}/{id}", method = RequestMethod.GET)
|
||||
public Entity getEntity(@PathVariable("type") String type, @PathVariable("id") String id) {}
|
||||
|
||||
## Spring Security (5.x.x) - Spring boot (2.x.x)
|
||||
|
||||
Because of MitreID dependency, in order to use this library
|
||||
with redis HttpSession, service has to use spring security (4.x.x).
|
||||
The only way to use this library in a project with spring security 5.x.x
|
||||
is the Stateless strategy with the following modification in Application
|
||||
class:
|
||||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
|
||||
|
||||
@PropertySources({@PropertySource("classpath:authorization.properties")})
|
||||
@Import(AuthorizationConfiguration.class)
|
||||
public class Application {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(Application.class, args);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebMvcConfigurer corsConfigurer() {
|
||||
return new WebMvcConfigurer() {
|
||||
@Override
|
||||
public void addCorsMappings(CorsRegistry registry) {
|
||||
registry.addMapping("/**")
|
||||
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
|
||||
.allowedOriginPatterns("*")
|
||||
.allowCredentials(true);
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
97
pom.xml
97
pom.xml
|
@ -3,71 +3,88 @@
|
|||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<groupId>eu.dnetlib</groupId>
|
||||
<artifactId>dnet45-parent</artifactId>
|
||||
<artifactId>uoa-spring-boot-parent</artifactId>
|
||||
<version>1.0.0</version>
|
||||
</parent>
|
||||
<artifactId>uoa-authorization-library</artifactId>
|
||||
<version>2.0.1-SNAPSHOT</version>
|
||||
<version>2.1.5-SNAPSHOT</version>
|
||||
<packaging>jar</packaging>
|
||||
<scm>
|
||||
<developerConnection>scm:svn:https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-authorization-library/trunk</developerConnection>
|
||||
</scm>
|
||||
<name>uoa-authorization-library</name>
|
||||
|
||||
<scm>
|
||||
<developerConnection>scm:git:gitea@code-repo.d4science.org:MaDgIK/authorization-library.git</developerConnection>
|
||||
<tag>HEAD</tag>
|
||||
</scm>
|
||||
<properties>
|
||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
||||
<java.version>1.8</java.version>
|
||||
<timestampAuthorizationLibrary>${maven.build.timestamp}</timestampAuthorizationLibrary>
|
||||
<maven.build.timestamp.format>E MMM dd HH:mm:ss z yyyy</maven.build.timestamp.format>
|
||||
</properties>
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-dependencies</artifactId>
|
||||
<version>1.5.8.RELEASE</version>
|
||||
<type>pom</type>
|
||||
<scope>import</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-web</artifactId>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId> org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-logging</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<!-- Starter for using Spring Security -->
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-security</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.google.code.gson</groupId>
|
||||
<artifactId>gson</artifactId>
|
||||
<version>2.8.2</version>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-data-redis</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>log4j</groupId>
|
||||
<artifactId>log4j</artifactId>
|
||||
<version>1.2.17</version>
|
||||
<groupId>org.springframework.session</groupId>
|
||||
<artifactId>spring-session-data-redis</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>biz.paluch.redis</groupId>
|
||||
<artifactId>lettuce</artifactId>
|
||||
<version>4.3.3.Final</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.mitre</groupId>
|
||||
<artifactId>openid-connect-client</artifactId>
|
||||
<version>1.3.0</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15on</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-jar-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>default-jar</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>jar</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<excludes>
|
||||
<exclude>**/eu/dnetlib/uoaauthorizationlibrary/redis/**</exclude>
|
||||
</excludes>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>redis</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>jar</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<classifier>redis</classifier>
|
||||
<excludes>
|
||||
<exclude>**/eu/dnetlib/uoaauthorizationlibrary/stateless/**</exclude>
|
||||
</excludes>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
<finalName>uoa-authorization-library</finalName>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>src/main/resources</directory>
|
||||
<filtering>true</filtering>
|
||||
</resource>
|
||||
</resources>
|
||||
</build>
|
||||
</project>
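Review bot: The dependency block pins `org.mitre:openid-connect-client:1.3.0` and `biz.paluch.redis:lettuce:4.3.3.Final` with explicit versions next to parent-managed Spring starters, and excludes `bcprov-jdk15on` from the MITREid client without recording why. Both are legacy lines (`biz.paluch.redis` is the pre-5.0 Lettuce coordinate, and MITREid Connect is, as far as I know, no longer maintained upstream), so each pin deserves a short XML comment above it stating the version it was tested against and the reason it cannot follow the parent's management. Whether `uoa-spring-boot-parent` already manages these cannot be seen from this page; it is worth checking with `mvn dependency:tree` that the Bouncy Castle exclusion does not strip a provider the OIDC client needs at runtime.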
|
||||
|
|
|
@ -2,8 +2,24 @@ package eu.dnetlib.uoaauthorizationlibrary.configuration;
|
|||
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.*;
|
||||
import org.springframework.web.servlet.config.annotation.CorsRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
@EnableConfigurationProperties({SecurityConfig.class, GlobalVars.class})
|
||||
@ComponentScan(basePackages = { "eu.dnetlib.uoaauthorizationlibrary" })
|
||||
public class AuthorizationConfiguration { }
|
||||
public class AuthorizationConfiguration {
|
||||
|
||||
@Bean
|
||||
public WebMvcConfigurer corsConfigurer() {
|
||||
return new WebMvcConfigurerAdapter() {
|
||||
@Override
|
||||
public void addCorsMappings(CorsRegistry registry) {
|
||||
registry.addMapping("/**")
|
||||
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
|
||||
.allowCredentials(true);
|
||||
}
|
||||
};
|
||||
}
|
||||
}
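Review bot: The CORS bean registered at `registry.addMapping("/**")` sets `allowCredentials(true)` but never restricts `allowedOrigins`, so Spring's permissive default of `*` applies; on the Spring 4.x line this library targets, a wildcard origin combined with credentials makes the framework echo back whatever `Origin` the request carries, which permits credentialed cross-origin requests from any site to every endpoint of a consuming service. Because the bean is now imported library-wide through `@Import(AuthorizationConfiguration.class)`, every consumer inherits that policy without seeing it. The origin list should come from configuration, e.g. `.allowedOrigins(allowedOrigins)` fed from a property on `SecurityConfig`, and the class needs a Javadoc stating that the mapping applies to all paths of the importing application. The README's Spring Security 5 example reproduces the same pattern with `allowedOriginPatterns("*")`.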
|
||||
|
|
|
@ -4,10 +4,11 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
|
|||
|
||||
import java.util.Date;
|
||||
|
||||
@ConfigurationProperties("authorization.globalVars")
|
||||
@ConfigurationProperties("authorization.global-vars")
|
||||
public class GlobalVars {
|
||||
public static Date date = new Date();
|
||||
private Date buildDate;
|
||||
private String version;
|
||||
|
||||
public String getBuildDate() {
|
||||
if(buildDate == null) {
|
||||
|
@ -19,4 +20,12 @@ public class GlobalVars {
|
|||
public void setBuildDate(Date buildDate) {
|
||||
this.buildDate = buildDate;
|
||||
}
|
||||
|
||||
public String getVersion() {
|
||||
return this.version;
|
||||
}
|
||||
|
||||
public void setVersion(String version) {
|
||||
this.version = version;
|
||||
}
|
||||
}
|
||||
|
|
|
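--- /dev/null
+++ b/eu/dnetlib/uoaauthorizationlibrary/configuration/IgnoreSecurityConfiguration.java
@@ -0,0 +1,12 @@
+package eu.dnetlib.uoaauthorizationlibrary.configuration;
+
+import eu.dnetlib.uoaauthorizationlibrary.security.AuthorizationService;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ComponentScan(
+basePackageClasses = {AuthorizationService.class}
+)
+public class IgnoreSecurityConfiguration {
+}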
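Review bot: `IgnoreSecurityConfiguration` registers `AuthorizationService` via `basePackageClasses` but brings in no `WebSecurityConfigurerAdapter` and no `@EnableGlobalMethodSecurity`, so `@PreAuthorize("hasAnyAuthority(@AuthorizationService...)")` expressions in a consuming service are not enforced unless that service enables method security on its own; a consumer switching from `AuthorizationConfiguration` to this class could end up with annotated but unprotected endpoints and no error to tell it so. Put that contract on the class, e.g. a Javadoc: `Registers AuthorizationService only. Enables neither web nor method security; @PreAuthorize annotations are ignored unless the importing application enables them itself.`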
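--- /dev/null
+++ b/eu/dnetlib/uoaauthorizationlibrary/configuration/Redis.java
@@ -0,0 +1,44 @@
+package eu.dnetlib.uoaauthorizationlibrary.configuration;
+
+public class Redis {
+
+private String host = "localhost";
+private String port = "6379";
+private String password;
+
+public Redis() {
+}
+
+public String getHost() {
+return host;
+}
+
+public void setHost(String host) {
+this.host = host;
+}
+
+public String getPort() {
+return port;
+}
+
+public void setPort(String port) {
+this.port = port;
+}
+
+public String getPassword() {
+return password;
+}
+
+public void setPassword(String password) {
+this.password = password;
+}
+
+@Override
+public String toString() {
+return "Redis{" +
+"host='" + host + '\'' +
+", port='" + port + '\'' +
+", password='" + password + '\'' +
+'}';
+}
+}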
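Review bot: `Redis.toString()` interpolates the `password` field into its output, so any log statement, property-binding failure message or debug dump that renders a `SecurityConfig` (which holds a `Redis` instance) writes the Redis credential to the logs. Mask it, e.g. `", password='" + (password == null ? "null" : "******") + '\'' +`, or leave the field out of `toString()` entirely. A short class Javadoc saying the object is bound from `authorization.security.redis.*` would also help, since that prefix is only visible from `SecurityConfig`.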
@ -5,7 +5,18 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
|
|||
@ConfigurationProperties("authorization.security")
|
||||
public class SecurityConfig {
|
||||
|
||||
private Redis redis = new Redis();
|
||||
private String userInfoUrl;
|
||||
private String domain;
|
||||
private String session;
|
||||
|
||||
public Redis getRedis() {
|
||||
return redis;
|
||||
}
|
||||
|
||||
public void setRedis(Redis redis) {
|
||||
this.redis = redis;
|
||||
}
|
||||
|
||||
public String getUserInfoUrl() {
|
||||
return userInfoUrl;
|
||||
|
@ -15,8 +26,19 @@ public class SecurityConfig {
|
|||
this.userInfoUrl = userInfoUrl;
|
||||
}
|
||||
|
||||
/** @deprecated */
|
||||
public boolean isDeprecated() {
|
||||
return userInfoUrl.contains("accessToken");
|
||||
public String getDomain() {
|
||||
return domain;
|
||||
}
|
||||
|
||||
public void setDomain(String domain) {
|
||||
this.domain = domain;
|
||||
}
|
||||
|
||||
public String getSession() {
|
||||
return session;
|
||||
}
|
||||
|
||||
public void setSession(String session) {
|
||||
this.session = session;
|
||||
}
|
||||
}
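Review bot: The new `redis` field is bound from `authorization.security.redis.*` (the class prefix `authorization.security` plus the field name), but the README added in this commit documents the keys as `authorization.secuirty.redis.host`, `.port` and `.password`; a consumer copying those keys would have them silently ignored and connect to `localhost:6379` without a password, the defaults in `Redis`. The README keys should read `authorization.security.redis.*`, and a Javadoc on `getRedis()` naming the effective prefix would make the binding discoverable from the code. The `SecurityConfig` class begins outside the hunk.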
|
||||
|
|
|
@ -2,7 +2,8 @@ package eu.dnetlib.uoaauthorizationlibrary.controllers;
|
|||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.configuration.GlobalVars;
|
||||
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
||||
|
@ -17,7 +18,7 @@ import java.util.Map;
|
|||
@CrossOrigin(origins = "*")
|
||||
@RequestMapping("/authorization-library")
|
||||
public class AuthorizationLibraryCheckDeployController {
|
||||
private final Logger log = Logger.getLogger(this.getClass());
|
||||
private final Logger log = LogManager.getLogger(this.getClass());
|
||||
|
||||
@Autowired
|
||||
private SecurityConfig securityConfig;
|
||||
|
@ -27,21 +28,27 @@ public class AuthorizationLibraryCheckDeployController {
|
|||
|
||||
@RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET)
|
||||
public String hello() {
|
||||
log.debug("Hello from uoa-authorization-service!");
|
||||
return "Hello from uoa-authorization-service!";
|
||||
log.debug("Hello from uoa-authorization-library!");
|
||||
return "Hello from uoa-authorization-library!";
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
|
||||
@RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)
|
||||
public Map<String, String> checkEverything() {
|
||||
Map<String, String> response = new HashMap<>();
|
||||
response.put("authorization.security.redis.host", securityConfig.getRedis().getHost());
|
||||
response.put("authorization.security.userInfoUrl", securityConfig.getUserInfoUrl());
|
||||
response.put("authorization.security.session", securityConfig.getSession());
|
||||
response.put("authorization.security.domain", securityConfig.getDomain());
|
||||
if(GlobalVars.date != null) {
|
||||
response.put("Date of deploy", GlobalVars.date.toString());
|
||||
}
|
||||
if(globalVars.getBuildDate() != null) {
|
||||
response.put("Date of build", globalVars.getBuildDate());
|
||||
}
|
||||
if (globalVars.getVersion() != null) {
|
||||
response.put("Version", globalVars.getVersion());
|
||||
}
|
||||
return response;
|
||||
}
|
||||
}
|
||||
|
|
|
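--- /dev/null
+++ b/eu/dnetlib/uoaauthorizationlibrary/redis/configuration/RedisConfig.java
@@ -0,0 +1,40 @@
+package eu.dnetlib.uoaauthorizationlibrary.redis.configuration;
+
+import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.http.CookieSerializer;
+import org.springframework.session.web.http.DefaultCookieSerializer;
+
+@EnableRedisHttpSession
+@Configuration
+public class RedisConfig {
+
+private final SecurityConfig securityConfig;
+private static final Logger logger = LogManager.getLogger(RedisConfig.class);
+
+@Autowired
+public RedisConfig(SecurityConfig securityConfig) {this.securityConfig = securityConfig;}
+
+@Bean
+public LettuceConnectionFactory connectionFactory() {
+logger.info(String.format("Redis connection listens to %s:%s ", securityConfig.getRedis().getHost(), securityConfig.getRedis().getPort()));
+LettuceConnectionFactory factory = new LettuceConnectionFactory(securityConfig.getRedis().getHost(), Integer.parseInt(securityConfig.getRedis().getPort()));
+if (securityConfig.getRedis().getPassword() != null) factory.setPassword(securityConfig.getRedis().getPassword());
+return factory;
+}
+
+@Bean
+public CookieSerializer cookieSerializer() {
+DefaultCookieSerializer serializer = new DefaultCookieSerializer();
+serializer.setCookieName(securityConfig.getSession());
+serializer.setCookiePath("/");
+serializer.setDomainName(securityConfig.getDomain());
+return serializer;
+}
+}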
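Review bot: `cookieSerializer()` sets only the name, path and domain of the session cookie; `DefaultCookieSerializer` derives the `Secure` flag from the request unless `setUseSecureCookie(true)` is called, so a session issued over plain HTTP goes out without it, and `HttpOnly` relies on the serializer's default rather than being pinned with `serializer.setUseHttpOnlyCookie(true)`. The `serializer.setDomainName(securityConfig.getDomain())` line with a parent-domain suffix such as the `openaire.eu` example from the README scopes the session cookie to every host under that suffix, which is presumably intended for sharing the login across portals but should be stated on that line, e.g. `// deliberately shared with all hosts under the configured domain suffix`. `Integer.parseInt(...getPort())` fails at startup with a `NumberFormatException` on a malformed port, which is acceptable fail-fast behaviour but worth a comment so nobody wraps it in a catch later.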
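--- /dev/null
+++ b/eu/dnetlib/uoaauthorizationlibrary/redis/security/WebSecurityConfig.java
@@ -0,0 +1,20 @@
+package eu.dnetlib.uoaauthorizationlibrary.redis.security;
+
+import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+@Override
+protected void configure(HttpSecurity http) throws Exception {
+http.csrf().disable();
+http.authorizeRequests().anyRequest().permitAll();
+http.httpBasic().authenticationEntryPoint(new EntryPoint());
+}
+
+}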
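Review bot: `configure()` disables CSRF with `http.csrf().disable()` while this variant authenticates through a Redis-backed HTTP session cookie (`@EnableRedisHttpSession` in `RedisConfig`), which is precisely the setup where CSRF protection matters: the browser attaches the session cookie on its own, and the CORS configuration elsewhere in this commit accepts credentialed requests. If consumers are expected to supply their own CSRF handling, that contract belongs on the class in a comment such as `// CSRF intentionally disabled: the importing service must protect state-changing endpoints itself`; otherwise keep CSRF enabled here and leave disabling it to the stateless variant, where there is no cookie session to forge. `anyRequest().permitAll()` means enforcement rests entirely on `@PreAuthorize` annotations, which also deserves a one-line comment, and why `httpBasic()` is enabled on a session-based configuration is not clear from this file.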
@ -1,6 +1,7 @@
|
|||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
@ -11,7 +12,6 @@ import java.util.stream.Collectors;
|
|||
|
||||
@Component(value = "AuthorizationService")
|
||||
public class AuthorizationService {
|
||||
private final Logger log = Logger.getLogger(this.getClass());
|
||||
|
||||
public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";
|
||||
public final String ANONYMOUS_USER = "ROLE_ANONYMOUS";
|
||||
|
@ -24,6 +24,9 @@ public class AuthorizationService {
|
|||
} else if (type.equals("ri") && communityMap) {
|
||||
type = "community";
|
||||
}
|
||||
while (type.contains(".")) {
|
||||
type = type.replace(".", "_");
|
||||
}
|
||||
return type;
|
||||
}
|
||||
|
||||
|
@ -36,7 +39,7 @@ public class AuthorizationService {
|
|||
|
||||
/**
|
||||
* Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
|
||||
* <p>
|
||||
*
|
||||
* Id = EE, EGI, etc
|
||||
*/
|
||||
public String manager(String type, String id) {
|
||||
|
@ -45,7 +48,7 @@ public class AuthorizationService {
|
|||
|
||||
/**
|
||||
* Type = FUNDER | COMMUNITY | RI | INSTITUTION | PROJECT
|
||||
* <p>
|
||||
*
|
||||
* Id = EE, EGI, etc
|
||||
*/
|
||||
public String member(String type, String id) {
|
||||
|
@ -69,7 +72,7 @@ public class AuthorizationService {
|
|||
}
|
||||
|
||||
public List<String> getRoles() {
|
||||
OpenAIREAuthentication authentication = (OpenAIREAuthentication) SecurityContextHolder.getContext().getAuthentication();
|
||||
Authentication authentication = getAuthentication();
|
||||
if (authentication != null && authentication.isAuthenticated()) {
|
||||
return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
|
||||
}
|
||||
|
@ -77,18 +80,35 @@ public class AuthorizationService {
|
|||
}
|
||||
|
||||
public String getAaiId() {
|
||||
OpenAIREAuthentication authentication = (OpenAIREAuthentication) SecurityContextHolder.getContext().getAuthentication();
|
||||
Authentication authentication = getAuthentication();
|
||||
if (authentication != null && authentication.isAuthenticated()) {
|
||||
return authentication.getUser().getSub();
|
||||
if(authentication instanceof OpenAIREAuthentication) {
|
||||
return ((OpenAIREAuthentication) authentication).getUser().getSub();
|
||||
} else {
|
||||
return ((OIDCAuthenticationToken) authentication).getUserInfo().getSub();
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public String getEmail() {
|
||||
OpenAIREAuthentication authentication = (OpenAIREAuthentication) SecurityContextHolder.getContext().getAuthentication();
|
||||
Authentication authentication = getAuthentication();
|
||||
if (authentication != null && authentication.isAuthenticated()) {
|
||||
return authentication.getUser().getEmail();
|
||||
if(authentication instanceof OpenAIREAuthentication) {
|
||||
return ((OpenAIREAuthentication) authentication).getUser().getEmail();
|
||||
} else {
|
||||
return ((OIDCAuthenticationToken) authentication).getUserInfo().getEmail();
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private Authentication getAuthentication() {
|
||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
if(authentication instanceof OpenAIREAuthentication || authentication instanceof OIDCAuthenticationToken) {
|
||||
return authentication;
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
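Review bot: In `getAaiId()` and `getEmail()` the `else` branch casts unconditionally to `OIDCAuthenticationToken`; that is only safe because the private `getAuthentication()` at the bottom of the hunk filters to exactly `OpenAIREAuthentication` or `OIDCAuthenticationToken`, an invariant that lives thirty lines away and is easy to break when a third token type is added. Make each method self-contained with `} else if (authentication instanceof OIDCAuthenticationToken) {` and let the trailing `return null;` cover everything else, and add a comment on `getAuthentication()` stating that it is the single place deciding which token types are trusted. Whether `getUser()` and `getUserInfo()` can be null is not visible here and may need a guard. Separately, in the earlier hunk `while (type.contains(".")) { type = type.replace(".", "_"); }` iterates at most once because `String.replace` already replaces every occurrence, so `type = type.replace(".", "_");` alone is equivalent; that method starts outside the hunk.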
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.servlet.config.annotation.CorsRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
public class CorsConfig extends WebMvcConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
public void addCorsMappings(CorsRegistry registry) {
|
||||
registry.addMapping("/**")
|
||||
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
|
||||
.allowCredentials(true);
|
||||
}
|
||||
}
|
|
@ -1,6 +1,6 @@
|
|||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
||||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
|
||||
import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
|
||||
public class OpenAIREAuthentication extends AbstractAuthenticationToken {
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
||||
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
|
||||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
|
||||
import org.apache.log4j.Logger;
|
||||
import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
@ -14,7 +13,6 @@ import java.io.IOException;
|
|||
public class AuthorizationFilter implements Filter {
|
||||
|
||||
private final AuthorizationProvider authorizationProvider;
|
||||
private final Logger log = Logger.getLogger(this.getClass());
|
||||
|
||||
@Autowired
|
||||
AuthorizationFilter(AuthorizationProvider authorizationProvider) {
|
||||
|
@ -27,7 +25,7 @@ public class AuthorizationFilter implements Filter {
|
|||
@Override
|
||||
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException {
|
||||
OpenAIREAuthentication auth = authorizationProvider.getAuthentication((HttpServletRequest) req);
|
||||
if(auth != null) {
|
||||
if(auth.isAuthenticated()) {
|
||||
SecurityContextHolder.getContext().setAuthentication(auth);
|
||||
}
|
||||
filterChain.doFilter(req, res);
|
|
@ -1,6 +1,5 @@
|
|||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
||||
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
|
||||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
|
||||
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
|
@ -1,7 +1,8 @@
|
|||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
||||
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
|
||||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
|
||||
import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
|
||||
import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
|
||||
import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.AuthorizationUtils;
|
||||
import eu.dnetlib.uoaauthorizationlibrary.stateless.utils.UserInfo;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
|
@ -1,8 +1,7 @@
|
|||
package eu.dnetlib.uoaauthorizationlibrary.security;
|
||||
package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
|
||||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
|
||||
import eu.dnetlib.uoaauthorizationlibrary.security.EntryPoint;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
|
@ -11,7 +10,6 @@ import org.springframework.security.config.http.SessionCreationPolicy;
|
|||
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
||||
@EnableWebSecurity
|
||||
@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
private final AuthorizationFilter filter;
|
|
@ -1,7 +1,8 @@
|
|||
package eu.dnetlib.uoaauthorizationlibrary.utils;
|
||||
package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
|
||||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.*;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
@ -10,11 +11,12 @@ import org.springframework.web.client.RestTemplate;
|
|||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
|
||||
@Component
|
||||
public class AuthorizationUtils {
|
||||
private final Logger log = Logger.getLogger(this.getClass());
|
||||
private final Logger log = LogManager.getLogger(this.getClass());
|
||||
private final SecurityConfig securityConfig;
|
||||
|
||||
@Autowired
|
||||
|
@ -22,31 +24,29 @@ public class AuthorizationUtils {
|
|||
this.securityConfig = securityConfig;
|
||||
}
|
||||
|
||||
private String getToken(HttpServletRequest request) {
|
||||
if (request.getCookies() == null) {
|
||||
return null;
|
||||
}
|
||||
for (Cookie c : request.getCookies()) {
|
||||
if (c.getName().equals("AccessToken")) {
|
||||
return c.getValue();
|
||||
}
|
||||
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public UserInfo getUserInfo(HttpServletRequest request) {
|
||||
String url = securityConfig.getUserInfoUrl() + (securityConfig.isDeprecated()?getToken(request):"");
|
||||
String url = securityConfig.getUserInfoUrl();
|
||||
RestTemplate restTemplate = new RestTemplate();
|
||||
try {
|
||||
ResponseEntity<UserInfo> response = restTemplate.exchange(url, HttpMethod.GET, createHeaders(request), UserInfo.class);
|
||||
return response.getBody();
|
||||
if(url != null && hasCookie(request)) {
|
||||
ResponseEntity<UserInfo> response = restTemplate.exchange(url, HttpMethod.GET, createHeaders(request), UserInfo.class);
|
||||
return response.getBody();
|
||||
}
|
||||
return null;
|
||||
} catch (RestClientException e) {
|
||||
log.error(e.getMessage());
|
||||
log.error(url + ": " + e.getMessage());
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private boolean hasCookie(HttpServletRequest request) {
|
||||
Cookie[] cookies = request.getCookies();
|
||||
if(cookies != null) {
|
||||
return Arrays.stream(cookies).anyMatch(cookie -> cookie.getName().equalsIgnoreCase(this.securityConfig.getSession()));
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private HttpEntity<HttpHeaders> createHeaders(HttpServletRequest request) {
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
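Review bot: The new guard `if(url != null && hasCookie(request))` in `getUserInfo()` does not cover the empty string, which is both the documented default for `authorization.security.userInfoUrl` and the value shipped in this commit's `authorization.properties`; as far as I can tell `RestTemplate.exchange` on a non-absolute URI fails with an `IllegalArgumentException` rather than a `RestClientException`, so the `catch` below would not see it and the filter would error for every request carrying the session cookie. Tighten the check to `if (url != null && !url.trim().isEmpty() && hasCookie(request)) {`. `hasCookie()` also matches the cookie name with `equalsIgnoreCase`, looser than the exact `equals` the removed `getToken()` used; browsers treat cookie names case-sensitively, so `equals` is the more precise comparison. `createHeaders()` continues past the end of the hunk.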
|
|
@ -1,4 +1,4 @@
|
|||
package eu.dnetlib.uoaauthorizationlibrary.utils;
|
||||
package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
|
@ -1,9 +1,7 @@
|
|||
#dev
|
||||
authorization.security.userInfoUrl = http://mpagasas.di.uoa.gr:8080/dnet-openaire-users-1.0.0-SNAPSHOT/api/users/getUserInfo?accessToken=
|
||||
authorization.globalVars.buildDate=@timestampAuthorizationLibrary@
|
||||
|
||||
#beta
|
||||
#authorization.security.userInfoUrl = https://beta.services.openaire.eu/uoa-user-management/api/users/getUserInfo?accessToken=
|
||||
|
||||
#production
|
||||
#authorization.security.userInfoUrl = https://services.openaire.eu/uoa-user-management/api/users/getUserInfo?accessToken=
|
||||
spring.session.store-type=none
|
||||
authorization.security.userInfoUrl=
|
||||
authorization.security.domain=di.uoa.gr
|
||||
authorization.security.session=openAIRESession
|
||||
authorization.global-vars.buildDate=@timestampAuthorizationLibrary@
|
||||
authorization.global-vars.version=@project.version@
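Review bot: The library's own `authorization.properties` now ships `authorization.security.domain=di.uoa.gr` as a default, and the README tells consumers to import this very file with `@PropertySource("classpath:authorization.properties")`; a deployment that forgets to override it gets its session cookie scoped to that domain, which at best breaks login on any other host and at worst sends the cookie to unrelated hosts under that suffix. Ship the key without a value or commented out, mark it as required in the README, and keep only environment-neutral defaults such as `authorization.security.session=openAIRESession` in the bundled file.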
|
||||
|
|