Fix mapType in Authorization Service to handle extra '.'

README.md

@@ -1,6 +1,6 @@
 # Authorization Library
 
-Authorization library is a library that provides a Spring Security process
+Authorization library is a library that provides a Spring Security (4.x.x) process
 in order to authorize the endpoints of a service base on OpenAIRE Authorities.
 It can be used with two different session strategies, a stateless and
 a Redis http session.
@@ -19,13 +19,14 @@ user's session, but with a cost of an extra http request per request.
     <dependency>
         <groupId>eu.dnetlib</groupId>
         <artifactId>uoa-authorization-library</artifactId>
-        <version>2.1.1</version>
+        <version>2.1.2</version>
     </dependency>
 
 #### Spring Application/Configuration
 
     import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;    
 
+    @PropertySources({@PropertySource("classpath:authorization.properties")})
     @Import(AuthorizationConfiguration.class)
     public class Application {
         public static void main(String[] args) {
@@ -52,7 +53,7 @@ where session is stored.
     <dependency>
         <groupId>eu.dnetlib</groupId>
         <artifactId>uoa-authorization-library</artifactId>
-        <version>2.1.1</version>
+        <version>2.1.2</version>
         <classifier>redis</classifier>
     </dependency>
 
@@ -60,6 +61,7 @@ where session is stored.
 
     import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;    
 
+    @PropertySources({@PropertySource("classpath:authorization.properties")})
     @Import(AuthorizationConfiguration.class)
     public class Application {
         public static void main(String[] args) {
@@ -115,4 +117,36 @@ e.g
         + "@AuthorizationService.manager(#type, #id)) "
     + ")")
     @RequestMapping(value = "{type}/{id}", method = RequestMethod.GET)
-    public Entity getEntity(@PathVariable("type") String type, @PathVariable("id") String id) {
+    public Entity getEntity(@PathVariable("type") String type, @PathVariable("id") String id) {}
+
+## Spring Security (5.x.x) - Spring boot (2.x.x)
+
+Because of MitreID dependency, in order to use this library
+with redis HttpSession, service has to use spring security (4.x.x).
+The only way to use this library in a project with spring security 5.x.x
+is the Stateless strategy with the following modification in Application
+class:
+
+    import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;    
+
+    @PropertySources({@PropertySource("classpath:authorization.properties")})
+    @Import(AuthorizationConfiguration.class)
+    public class Application {
+
+        public static void main(String[] args) {
+            SpringApplication.run(Application.class, args);
+        }
+
+        @Bean
+        public WebMvcConfigurer corsConfigurer() {
+            return new WebMvcConfigurer() {
+                    @Override
+                    public void addCorsMappings(CorsRegistry registry) {
+                        registry.addMapping("/**")
+                                .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
+                                .allowedOriginPatterns("*")
+                                .allowCredentials(true);
+                    }
+            };
+        }   
+    }

pom.xml

@@ -3,48 +3,24 @@
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>eu.dnetlib</groupId>
-		<artifactId>dnet45-parent</artifactId>
+		<artifactId>uoa-spring-boot-parent</artifactId>
 		<version>1.0.0</version>
 	</parent>
 	<artifactId>uoa-authorization-library</artifactId>
-	<version>2.1.1</version>
+	<version>2.1.5-SNAPSHOT</version>
 	<packaging>jar</packaging>
 	<name>uoa-authorization-library</name>
 	<scm>
-		<url>https://code-repo.d4science.org/MaDgIK/authorization-library</url>
-		<connection>scm:git:gitea@code-repo.d4science.org:MaDgIK/authorization-library.git</connection>
 		<developerConnection>scm:git:gitea@code-repo.d4science.org:MaDgIK/authorization-library.git</developerConnection>
-		<tag>uoa-authorization-library-2.1.1</tag>
+		<tag>HEAD</tag>
 	</scm>
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-		<java.version>1.8</java.version>
         <timestampAuthorizationLibrary>${maven.build.timestamp}</timestampAuthorizationLibrary>
         <maven.build.timestamp.format>E MMM dd HH:mm:ss z yyyy</maven.build.timestamp.format>
 	</properties>
-	<dependencyManagement>
-		<dependencies>
-			<dependency>
-				<groupId>org.springframework.boot</groupId>
-				<artifactId>spring-boot-dependencies</artifactId>
-				<version>1.5.8.RELEASE</version>
-				<type>pom</type>
-				<scope>import</scope>
-			</dependency>
-		</dependencies>
-	</dependencyManagement>
 	<dependencies>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-web</artifactId>
-			<exclusions>
-				<exclusion>
-					<groupId> org.springframework.boot</groupId>
-					<artifactId>spring-boot-starter-logging</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
 		<!-- Starter for using Spring Security -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -74,16 +50,6 @@
 				</exclusion>
 			</exclusions>
 		</dependency>
-		<dependency>
-			<groupId>com.google.code.gson</groupId>
-			<artifactId>gson</artifactId>
-			<version>2.8.2</version>
-		</dependency>
-		<dependency>
-			<groupId>log4j</groupId>
-			<artifactId>log4j</artifactId>
-			<version>1.2.17</version>
-		</dependency>
     </dependencies>
 	<build>
 		<plugins>
@@ -120,11 +86,5 @@
 			</plugin>
 		</plugins>
         <finalName>uoa-authorization-library</finalName>
-        <resources>
-            <resource>
-                <directory>src/main/resources</directory>
-                <filtering>true</filtering>
-            </resource>
-        </resources>
 	</build>
 </project>

src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java

@@ -2,8 +2,24 @@ package eu.dnetlib.uoaauthorizationlibrary.configuration;
 
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.*;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
 @Configuration
 @EnableConfigurationProperties({SecurityConfig.class, GlobalVars.class})
 @ComponentScan(basePackages = { "eu.dnetlib.uoaauthorizationlibrary" })
-public class AuthorizationConfiguration { }
+public class AuthorizationConfiguration {
+
+    @Bean
+    public WebMvcConfigurer corsConfigurer() {
+        return new WebMvcConfigurerAdapter() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/**")
+                        .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
+                        .allowCredentials(true);
+            }
+        };
+    }
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/GlobalVars.java

@@ -4,7 +4,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 
 import java.util.Date;
 
-@ConfigurationProperties("authorization.globalVars")
+@ConfigurationProperties("authorization.global-vars")
 public class GlobalVars {
     public static Date date = new Date();
     private Date buildDate;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/IgnoreSecurityConfiguration.java

@@ -0,0 +1,12 @@
+package eu.dnetlib.uoaauthorizationlibrary.configuration;
+
+import eu.dnetlib.uoaauthorizationlibrary.security.AuthorizationService;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ComponentScan(
+        basePackageClasses = {AuthorizationService.class}
+)
+public class IgnoreSecurityConfiguration {
+}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/controllers/AuthorizationLibraryCheckDeployController.java

@@ -2,7 +2,8 @@ package eu.dnetlib.uoaauthorizationlibrary.controllers;
 
 import eu.dnetlib.uoaauthorizationlibrary.configuration.GlobalVars;
 import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.CrossOrigin;
@@ -17,7 +18,7 @@ import java.util.Map;
 @CrossOrigin(origins = "*")
 @RequestMapping("/authorization-library")
 public class AuthorizationLibraryCheckDeployController {
-    private final Logger log = Logger.getLogger(this.getClass());
+    private final Logger log = LogManager.getLogger(this.getClass());
 
     @Autowired
     private SecurityConfig securityConfig;

src/main/java/eu/dnetlib/uoaauthorizationlibrary/redis/configuration/RedisConfig.java

@@ -1,7 +1,8 @@
 package eu.dnetlib.uoaauthorizationlibrary.redis.configuration;
 
 import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -15,7 +16,7 @@ import org.springframework.session.web.http.DefaultCookieSerializer;
 public class RedisConfig {
 
     private final SecurityConfig securityConfig;
-    private static final Logger logger = Logger.getLogger(RedisConfig.class);
+    private static final Logger logger = LogManager.getLogger(RedisConfig.class);
 
     @Autowired
     public RedisConfig(SecurityConfig securityConfig) {this.securityConfig = securityConfig;}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationService.java

@@ -1,6 +1,5 @@
 package eu.dnetlib.uoaauthorizationlibrary.security;
 
-import org.apache.log4j.Logger;
 import org.mitre.openid.connect.model.OIDCAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -13,7 +12,6 @@ import java.util.stream.Collectors;
 
 @Component(value = "AuthorizationService")
 public class AuthorizationService {
-    private final Logger log = Logger.getLogger(this.getClass());
 
     public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";
     public final String ANONYMOUS_USER = "ROLE_ANONYMOUS";
@@ -26,6 +24,9 @@ public class AuthorizationService {
         } else if (type.equals("ri") && communityMap) {
             type = "community";
         }
+        while (type.contains(".")) {
+            type = type.replace(".", "_");
+        }
         return type;
     }
 

src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java

@@ -1,16 +0,0 @@
-package eu.dnetlib.uoaauthorizationlibrary.security;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
-
-@Configuration
-public class CorsConfig extends WebMvcConfigurerAdapter {
-
-    @Override
-    public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
-                .allowCredentials(true);
-    }
-}

src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/security/AuthorizationFilter.java

@@ -1,7 +1,6 @@
 package eu.dnetlib.uoaauthorizationlibrary.stateless.security;
 
 import eu.dnetlib.uoaauthorizationlibrary.security.OpenAIREAuthentication;
-import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -14,7 +13,6 @@ import java.io.IOException;
 public class AuthorizationFilter implements Filter {
 
     private final AuthorizationProvider authorizationProvider;
-    private final Logger log = Logger.getLogger(this.getClass());
 
     @Autowired
     AuthorizationFilter(AuthorizationProvider authorizationProvider) {

src/main/java/eu/dnetlib/uoaauthorizationlibrary/stateless/utils/AuthorizationUtils.java

@@ -1,7 +1,8 @@
 package eu.dnetlib.uoaauthorizationlibrary.stateless.utils;
 
 import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.*;
 import org.springframework.stereotype.Component;
@@ -15,7 +16,7 @@ import java.util.Collections;
 
 @Component
 public class AuthorizationUtils {
-    private final Logger log = Logger.getLogger(this.getClass());
+    private final Logger log = LogManager.getLogger(this.getClass());
     private final SecurityConfig securityConfig;
 
     @Autowired

src/main/resources/authorization.properties

@@ -3,5 +3,5 @@ spring.session.store-type=none
 authorization.security.userInfoUrl=
 authorization.security.domain=di.uoa.gr
 authorization.security.session=openAIRESession
-authorization.globalVars.buildDate=@timestampAuthorizationLibrary@
-authorization.globalVars.version=@project.version@
+authorization.global-vars.buildDate=@timestampAuthorizationLibrary@
+authorization.global-vars.version=@project.version@