You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Go to file
Konstantinos Triantafyllou 00edaeb5ce [maven-release-plugin] prepare release uoa-authorization-library-2.1.1 2 years ago
src/main Change default value of userInfoUrl. Add redis configuration to ReadMe 2 years ago
.gitignore Add ReadMe and .gitignore 2 years ago
README.md Change default value of userInfoUrl. Add redis configuration to ReadMe 2 years ago
pom.xml [maven-release-plugin] prepare release uoa-authorization-library-2.1.1 2 years ago

README.md

Authorization Library

Authorization library is a library that provides a Spring Security process in order to authorize the endpoints of a service base on OpenAIRE Authorities. It can be used with two different session strategies, a stateless and a Redis http session.

Stateless

In stateless strategy, there is not a session. A filter makes a request to an "userinfo" endpoint and creates an Authentication base on the response. The advantage of this method is that it doesn't need any storage to store user's session, but with a cost of an extra http request per request.

Usage

pom.xml

<dependency>
    <groupId>eu.dnetlib</groupId>
    <artifactId>uoa-authorization-library</artifactId>
    <version>2.1.1</version>
</dependency>

Spring Application/Configuration

import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;    

@Import(AuthorizationConfiguration.class)
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

Configuration

authorization.security.userInfoUrl = http://<domain>/login-service/userInfo # Required, default ""
authorization.security.session=<session-cookie-name> # Default openAIRESession

Redis

In Redis strategy, session is stored to a Redis database when a user authenticates himself through a login service. The disadvantage of this strategy is that it needs access to the Redis database where session is stored.

Usage

pom.xml

<dependency>
    <groupId>eu.dnetlib</groupId>
    <artifactId>uoa-authorization-library</artifactId>
    <version>2.1.1</version>
    <classifier>redis</classifier>
</dependency>

Spring Application/Configuration

import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;    

@Import(AuthorizationConfiguration.class)
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

Configuration

authorization.secuirty.redis.host=<redis-ip> # Default localhost
authorization.secuirty.redis.port=<redis-port> # Default 6379
authorization.secuirty.redis.password=<redis-password> # Default ""
authorization.security.domain=<domain-suffix> # e.g openaire.eu
authorization.security.session=<session-cookie-name> # Default openAIRESession

Authorize Requests

Authorization Service

In order to simplify the format of the Authorities, you can use this spring component to authorize your endpoints. There is also methods to get user's information.

public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";
public final String ANONYMOUS_USER = "ROLE_ANONYMOUS";
public final String REGISTERED_USER = "REGISTERED_USER";

/**
 * Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
 */
public String curator(String type) {}

/**
 * Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT
 * 
 * Id = EE, EGI, etc
 */
public String manager(String type, String id) { }

/**
 * Type = FUNDER | COMMUNITY | RI | INSTITUTION | PROJECT
 * 
 * Id = EE, EGI, etc
 */
public String member(String type, String id)

e.g

@PreAuthorize("hasAnyAuthority("
    + "@AuthorizationService.PORTAL_ADMIN, "
    + "@AuthorizationService.curator(#type), "
    + "@AuthorizationService.manager(#type, #id)) "
+ ")")
@RequestMapping(value = "{type}/{id}", method = RequestMethod.GET)
public Entity getEntity(@PathVariable("type") String type, @PathVariable("id") String id) {