MaDgIK
/
dnet-openaire-users
13
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MERGE login branch 56991:57920 using uoa-login-core

This commit is contained in:
Katerina Iatropoulou 2019-12-19 11:05:37 +00:00
parent 21be3a4caf
commit 34b5678237
11 changed files with 117 additions and 845 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
pom.xml
View File

@ -22,6 +22,11 @@
<artifactId>uoa-user-management</artifactId>
<version>[2.0.0-SNAPSHOT, 3.0.0)</version>
</dependency>
<dependency>
<groupId>eu.dnetlib</groupId>
<artifactId>uoa-login-core</artifactId>
<version>[1.0.0-SNAPSHOT, 2.0.0)</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
@ -83,33 +88,16 @@
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.mitre</groupId>
<artifactId>openid-connect-client</artifactId>
<version>1.3.0</version>
</dependency>
<!-- About redis -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
<version>1.3.1.RELEASE</version>
<type>pom</type>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.6</version>
</dependency>
<dependency>
<groupId>biz.paluch.redis</groupId>
<artifactId>lettuce</artifactId>
<version>3.5.0.Final</version>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>4.3.4.RELEASE</version>
</dependency>
</dependencies>
</project>

260
src/main/java/eu/dnetlib/openaire/usermanagement/api/Test3Service.java
View File

@ -14,7 +14,14 @@ import eu.dnetlib.openaire.user.dao.RoleDAO;
import eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO;
import eu.dnetlib.openaire.user.ldap.MUserActionsLDAP;
import eu.dnetlib.openaire.user.store.DataSourceConnector;
import eu.dnetlib.openaire.usermanagement.security.JWTGenerator;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.mitre.openid.connect.model.UserInfo;
@ -22,15 +29,25 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.*;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.RestTemplate;
import sun.net.www.http.HttpClient;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
/**
* Created by sofia on 24/11/2016.
@ -53,173 +70,60 @@ public class Test3Service {
@Value("${oidc.issuer}")
private String issuer;
@Value("${oidc.secret}")
private String secret;
@Value("${oidc.id}")
private String id;
@GET
@Path("/{userId}")
@Path("/getToken")
@Produces(MediaType.APPLICATION_JSON)
public Response getUserById(@PathParam("userId") int userId) {
public Response getToken(@QueryParam("accessToken") String accessToken){
logger.debug("Refresh token " + accessToken);
System.out.printf("HELLO PAPAGENA");
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpPost httppost = new HttpPost(issuer+"/token");
// Request parameters and other properties.
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("client_id", id));
params.add(new BasicNameValuePair("client_secret", secret));
params.add(new BasicNameValuePair("grant_type", "refresh_token"));
params.add(new BasicNameValuePair("refresh_token", accessToken));
params.add(new BasicNameValuePair("scope", "openid email profile"));
try {
MigrationUser mUser = sqlMigrationUserDAO.fetchById(userId);
httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
//Execute and get the response.
HttpResponse response = null;
// Invalide user ID
if (mUser == null) {
String errorMessageJson = compose404Message("Cannot find user with id " + userId + ".");
response = httpclient.execute(httppost);
return Response
.status(Response.Status.NOT_FOUND)
.entity(errorMessageJson)
.type(MediaType.APPLICATION_JSON)
.build();
org.apache.http.HttpEntity entity = response.getEntity();
logger.debug("I am here");
if (entity != null) {
try (InputStream instream = entity.getContent()) {
logger.debug(IOUtils.toString(instream, StandardCharsets.UTF_8.name()));
}
}
return Response.status(200).entity(composeDataResponse(mUser)).build();
}
catch (SQLException e) {
return Response
.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(compose500Message("Fail to fetch users.", e))
.type(MediaType.APPLICATION_JSON)
.build();
}
}
} catch (UnsupportedEncodingException e) {
logger.error(e);
/* How to check @browser ../authenticate/?username=MY_USERNAME&password=MY_PASSWORD
* http://localhost:8080/uoa-user-management-1.0.0-SNAPSHOT/api/users/authenticate?username=sba&password=12345678
@GET
@Path("/authenticate")
@Produces(MediaType.APPLICATION_JSON)
public Response authenticateUserGET(@QueryParam("username") String username, @QueryParam("password") String password)
{
return commonAuthenticateFunction(username, password);
}*/
@POST
@Path("/authenticates")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public Response authenticateUserPOST(String input) {
JsonObject jsonObject = new JsonParser().parse(input).getAsJsonObject();
String username = jsonObject.get("username").getAsString();
String password = jsonObject.get("password").getAsString();
return commonAuthenticateFunction(username, password);
}
private Response commonAuthenticateFunction(String username, String password)
{
try {
boolean usernameExists = mUserActionsLDAP.usernameExists(username);
// if user was not found
if (!usernameExists) {
String errorMessageJson = compose401Message("Wrong credentials.");
return Response
.status(Response.Status.UNAUTHORIZED)
.entity(errorMessageJson)
.type(MediaType.APPLICATION_JSON)
.build();
}
boolean authenticated = mUserActionsLDAP.authenticate(username, password);
// if user was not authenticated
if (!authenticated) {
return Response
.status(Response.Status.UNAUTHORIZED)
.entity(compose401Message("User " + username + " could not be authenticated."))
.type(MediaType.APPLICATION_JSON)
.build();
}
MigrationUser mUser = sqlMigrationUserDAO.fetchByUsername(username);
// if user was not found in my db
LDAPUser ldapUser = null;
if (mUser == null) {
mUser = new MigrationUser(username);
ldapUser = mUserActionsLDAP.getUser(username);
mUser.setFullname(ldapUser.getDisplayName());
mUser.setEmail(ldapUser.getEmail());
mUser.setRoleId(2);
sqlMigrationUserDAO.insert(mUser);
}
return Response.status(200).entity(composeDataResponse(mUser)).type(MediaType.APPLICATION_JSON).build();
} catch (LDAPException exc) {
logger.error("Fail to connect to LDAP. ", exc);
return Response
.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(compose500Message("LDAP error.", exc))
.type(MediaType.APPLICATION_JSON)
.build();
} catch (SQLException exc) {
logger.error("Fail to fetch users. ", exc);
return Response
.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(compose500Message("Fail to fetch users.", exc))
.type(MediaType.APPLICATION_JSON)
.build();
} catch (IOException e) {
logger.error(e);
}
}
logger.info("DDDDDDDD");
@GET
@Path("/changeRole")
@Produces(MediaType.APPLICATION_JSON)
public Response changeRole(@QueryParam("roleId") int roleId, @QueryParam("userId") int userId)
{
RoleDAO roleDAO = new RoleDAO();
try
{
Role role = roleDAO.fetchById(roleId);
if (role == null)
{
//fetch all roleids TODO
String errorMessageJson = compose404Message("Cannot find role with id" + roleId + ".");
return Response
.status(Response.Status.NOT_FOUND)
.entity(errorMessageJson)
.type(MediaType.APPLICATION_JSON)
.build();
}
MigrationUser mUser = sqlMigrationUserDAO.fetchById(userId);
if (mUser == null)
{
String errorMessageJson = compose404Message("Cannot find user with id " + userId + ".");
return Response
.status(Response.Status.NOT_FOUND)
.entity(errorMessageJson)
.type(MediaType.APPLICATION_JSON)
.build();
}
mUser.setRoleId(roleId);
sqlMigrationUserDAO.update(mUser);
return Response.status(200).entity(composeDataResponse(mUser)).build();
}
catch (SQLException exc)
{
return Response
.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(compose500Message("Fail to fetch users.", exc))
.type(MediaType.APPLICATION_JSON)
.build();
}
return Response.status(200).type(MediaType.APPLICATION_JSON).build();
}
@GET
@Path("/getUserInfo")
@Produces(MediaType.APPLICATION_JSON)
//TODO REMOVE THIS and make the request directly to aai service {oidc.issuer} OR! see what is done with redis
public Response getUserInfo(@QueryParam("accessToken") String accessToken) throws JsonProcessingException {
//return Response.status(404).entity(compose404Message("This is a test message.")).type(MediaType.APPLICATION_JSON).build();
// call aai with accessToken
@ -236,6 +140,7 @@ public class Test3Service {
//logger.info(restTemplate.exchange(fooResourceUrl, HttpMethod.GET, request, Object.class));
ResponseEntity response1 = restTemplate.exchange(fooResourceUrl, HttpMethod.GET, request, Object.class);
logger.info(response1.getBody().toString());
ObjectMapper mapper = new ObjectMapper();
return Response.status(response1.getStatusCode().value()).entity(mapper.writeValueAsString(response1.getBody())).type(MediaType.APPLICATION_JSON).build();
@ -278,8 +183,44 @@ public class Test3Service {
}
return Response.status(200).entity(userInfoJson.toString()).type(MediaType.APPLICATION_JSON).build();
}
/* JSON Utility Methods */
/*
@GET
@Path("/katerina")
@Produces(MediaType.APPLICATION_JSON)
//@PreAuthorize("hasRole('ROLE_USER')")
@PreAuthorize("hasAuthority('urn:geant:openaire.eu:group:Registered+User#aai.openaire.eu')")
public Response getKaterina() {
return Response.status(200).build();
}
@GET
@Path("/skata")
@Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasRole('ROLE_USER')")
public Response getKaterina2() {
return Response.status(200).build();
}
@GET
@Path("/skata2")
@Produces(MediaType.APPLICATION_JSON)
@PreAuthorize("hasAuthority('skata')")
public Response getKaterina3() {
return Response.status(200).build();
}
@GET
@Path("/me")
//@Produces(MediaType.APPLICATION_JSON)
public Response getKaterina(@AuthenticationPrincipal UserDetails userDetails) {
//return Response.status(200).entity(userDetails).type(MediaType.APPLICATION_JSON).build();
return Response.status(200).build();
}
*/
/* JSON Utility Methods */
private String compose401Message(String message) {
return "{ \"status\" : \"error\", \"code\" : \"401\", \"message\" : \" " + message +" \" }";
}
@ -293,23 +234,10 @@ public class Test3Service {
"\"description\" : \""+ exception.getMessage() +"\" }";
}
private String composeDataResponse(UserInfo user) {
return "{ \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : \"" + JWTGenerator.generateToken(user, "my-very-secret") + "\" }";
}
private String composeDataResponse(MigrationUser user) {
//return "{ \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(user) + " }";
return "{ \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : \"" + JWTGenerator.generateToken(user, "my-very-secret") + "\" }";
}
private String composeDataResponse(LDAPUser user) {
return " { \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(user) + " }";
}
// private String composeDataResponse(String username) {
// return " { \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(username) + " }";
// }
private String composeDataResponse(String fullname) {
return " { \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(fullname) + " }";
}

53
src/main/java/eu/dnetlib/openaire/usermanagement/registry/beans/Config.java
View File

@ -1,53 +0,0 @@
package eu.dnetlib.openaire.usermanagement.registry.beans;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;
/**
* Created by stefanos on 14/6/2017.
*/
@PropertySource(value = { "classpath:eu/dnet/openaire/usermanagement/redis.properties", "classpath:eu/dnet/openaire/usermanagement/springContext-dnetOpenaireUsersService.properties"} )
@Configuration
@EnableRedisHttpSession
public class Config {
private static Logger logger = Logger.getLogger(Config.class);
@Value("${redis.host:localhost}")
private String host;
@Value("${redis.port:6379}")
private String port;
@Value("${redis.password:#{null}}")
private String password;
@Value("${webbapp.front.domain:.openaire.eu}")
private String domain;
@Bean
public LettuceConnectionFactory connectionFactory() {
logger.info(String.format("Redis connection listens to %s:%s ",host,port));
LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));
if(password != null) factory.setPassword(password);
return factory;
}
@Bean
public CookieSerializer cookieSerializer() {
logger.info("Cookie Serializer: Domain is "+domain);
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setCookieName("openAIRESession"); // <1>
serializer.setCookiePath("/"); // <2>
// serializer.setDomainNamePattern(""); //with value "" set's the domain of the service e.g scoobydoo.di.uoa.gr
serializer.setDomainName(domain);
return serializer;
}
}

104
src/main/java/eu/dnetlib/openaire/usermanagement/security/FrontEndLinkURIAuthenticationSuccessHandler.java
View File

@ -1,104 +0,0 @@
package eu.dnetlib.openaire.usermanagement.security;
import com.google.gson.Gson;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* Created by stefanos on 9/5/2017.
*/
public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
private static final Logger logger = Logger.getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class);
private String frontEndURI;
private String frontPath;
private String frontDomain;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IllegalArgumentException, IOException {
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
try {
// Cookie jwt = new Cookie("XCsrfToken", JWTGenerator.generateToken(authOIDC, "my-very-secret"));
Cookie openAIREUser = new Cookie("openAIREUser", new Gson().toJson(JWTGenerator.generateJsonToken(authOIDC)));
Cookie accessToken = new Cookie("AccessToken", authOIDC.getAccessTokenValue());
// Expire the cookies in four hours (4 * 3600)
// jwt.setMaxAge(14400);
openAIREUser.setMaxAge(14400);
accessToken.setMaxAge(14400);
//TODO DELETE LOG
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
// logger.info("jwt: " + JWTGenerator.generateToken(authOIDC, "my-very-secret"));
logger.info("access token: " + authOIDC.getAccessTokenValue());
logger.info("openAIREUser: " + JWTGenerator.generateJsonToken(authOIDC));
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
//TODO DELETE LOG
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
// logger.info("refresh token: " + authOIDC.getRefreshTokenValue());
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
// jwt.setPath(frontPath);
openAIREUser.setPath(frontPath);
accessToken.setPath(frontPath);
if (frontDomain!=null) {
// jwt.setDomain(frontDomain);
openAIREUser.setDomain(frontDomain);
accessToken.setDomain(frontDomain);
}
// response.addCookie(jwt);
response.addCookie(openAIREUser);
response.addCookie(accessToken);
response.sendRedirect(frontEndURI);
} catch (IOException e) {
logger.error("IOException in redirection ", e);
throw new IOException(e);
}catch (IllegalArgumentException e) {
logger.error("IllegalArgumentException in redirection ", e);
throw new IllegalArgumentException(e);
}
}
public String getFrontEndURI() {
return frontEndURI;
}
public void setFrontEndURI(String frontEndURI) {
this.frontEndURI = frontEndURI;
}
public String getFrontPath() {
return frontPath;
}
public void setFrontPath(String frontPath) {
this.frontPath = frontPath;
}
public String getFrontDomain() {
return frontDomain;
}
public void setFrontDomain(String frontDomain) {
this.frontDomain = frontDomain;
}
}

231
src/main/java/eu/dnetlib/openaire/usermanagement/security/JWTGenerator.java
View File

@ -1,231 +0,0 @@
package eu.dnetlib.openaire.usermanagement.security;
import com.google.gson.JsonObject;
import eu.dnetlib.openaire.user.pojos.migration.MigrationUser;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.mitre.openid.connect.model.UserInfo;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.text.ParseException;
import java.util.Date;
public class JWTGenerator {
private static final Logger logger = Logger.getLogger(JWTGenerator.class);
public static String generateToken(MigrationUser u, String secret) {
Claims claims = Jwts.claims().setSubject(u.getUsername());
claims.put("fullname", u.getFullname() + "");
claims.put("userId", u.getId() + "");
claims.put("email", u.getEmail() + "");
claims.put("role", u.getRoleId());
//expiration
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);
long ttlMillis = 1800000;
long expMillis = nowMillis + ttlMillis;
Date exp = new Date(expMillis);
return Jwts.builder()
.setClaims(claims)
.setExpiration(exp)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
}
public static String generateToken(OIDCAuthenticationToken authOIDC, String secret) {
try {
JsonObject userInfo = authOIDC.getUserInfo().getSource();
Claims claims = Jwts.claims().setSubject(authOIDC.getUserInfo().getSub());
claims.put("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8") + "");
if (authOIDC.getUserInfo().getGivenName() == null){
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
claims.put("firstname", URLEncoder.encode(" ", "UTF-8") + "");
} else {
claims.put("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");
}
if (authOIDC.getUserInfo().getFamilyName() == null){
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
claims.put("lastname", URLEncoder.encode(" ", "UTF-8") + "");
} else {
claims.put("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");
}
claims.put("email", authOIDC.getUserInfo().getEmail() + "");
// if (userInfo.getAsJsonArray("eduPersonScopedAffiliation").toString() != null) {
// claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + "");
// }
if (userInfo.getAsJsonArray("edu_person_entitlements") == null){
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role");
claims.put("role", URLEncoder.encode(" ", "UTF-8") + "");
} else {
claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
}
//TODO remove, We don't need it but if we are going to use it, we need to check if the user has affiliation
//claims.put("edu_person_scoped_affiliations", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + "");
//TODO remove
//TODO THIS IS TEST
// claims.put("fullname", URLEncoder.encode("Σοφία Μπαλτζή", "UTF-8") + "");
// claims.put("firstname", URLEncoder.encode("Σοφία", "UTF-8") + "");
// claims.put("lastname", URLEncoder.encode("Μπαλτζή", "UTF-8") + "");
// claims.put("email", "sofie.mpl@gmail.com" + "");
// claims.put("edu_person_scoped_affiliations", "faculty");
Date exp = new Date(authOIDC.getIdToken().getJWTClaimsSet().getExpirationTime().getTime());
// logger.info("expirationTime: "+ exp);
//TODO DELETE LOGS
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
// logger.info("fullName: " + authOIDC.getUserInfo().getName());
// logger.info("firstName: " + authOIDC.getUserInfo().getGivenName());
// logger.info("lastName: " + authOIDC.getUserInfo().getFamilyName());
// logger.info("email: " + authOIDC.getUserInfo().getEmail());
// //logger.info("Check everything");
// logger.info("locale: " + authOIDC.getUserInfo().getSource());
// logger.info("role: " + userInfo.getAsJsonArray("edu_person_entitlements").toString());
// //logger.info("affiliation: " + userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString());
// logger.info("expirationTime: " + exp);
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
return Jwts.builder()
.setClaims(claims)
.setExpiration(exp)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
} catch (ParseException e) {
e.printStackTrace();
logger.error("JWT Parse Exception from getting Expiration Time ", e);
return "error";
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
logger.error("UnsupportedEncodingException UTF-8 ", e);
return "error";
}
}
public static JsonObject generateJsonToken(OIDCAuthenticationToken authOIDC) {
try {
JsonObject userInfo = authOIDC.getUserInfo().getSource();
JsonObject userInfo2 = new JsonObject();
if (authOIDC.getUserInfo().getSub() == null) {
logger.info("User doesn't have sub");
userInfo2.addProperty("sub", "");
} else {
userInfo2.addProperty("sub", URLEncoder.encode(authOIDC.getUserInfo().getSub(), "UTF-8"));
}
if (authOIDC.getUserInfo().getName() == null) {
logger.info("User doesn't have fullname");
userInfo2.addProperty("fullname", "");
} else {
userInfo2.addProperty("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8"));
}
if (authOIDC.getUserInfo().getGivenName() == null){
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
// userInfo2.addProperty("firstname", URLEncoder.encode(" ", "UTF-8") + "");
userInfo2.addProperty("firstname", "");
} else {
userInfo2.addProperty("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");
}
if (authOIDC.getUserInfo().getFamilyName() == null){
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
// userInfo2.addProperty("lastname", URLEncoder.encode(" ", "UTF-8") + "");
userInfo2.addProperty("lastname", "");
} else {
userInfo2.addProperty("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");
}
userInfo2.addProperty("email", authOIDC.getUserInfo().getEmail() + "");
if (userInfo.getAsJsonArray("edu_person_entitlements") == null){
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role");
// userInfo2.addProperty("role", URLEncoder.encode(" ", "UTF-8") + "");
userInfo2.addProperty("role", "");
} else {
userInfo2.addProperty("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
}
logger.info("UserINFO: " + userInfo2.toString());
return userInfo2;
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
logger.error("UnsupportedEncodingException UTF-8 ", e);
JsonObject error = new JsonObject();
error.addProperty("error", "UnsupportedEncodingException UTF-8 " + e);
return error;
}
}
//TODO DELETE IF IT IS NOT NECESSARY
public static String generateAccessToken(OIDCAuthenticationToken authOIDC, String secret) {
Claims claims = Jwts.claims().setId(authOIDC.getAccessTokenValue());
//TODO DELETE LOGS
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
logger.info("access token: " + authOIDC.getAccessTokenValue());
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
return Jwts.builder()
.setClaims(claims)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
}
public static String generateToken(UserInfo user, String secret) {
try {
JsonObject userInfo = user.getSource();
Claims claims = Jwts.claims().setSubject(user.getSub());
claims.put("email", user.getEmail() + "");
claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
return Jwts.builder()
.setClaims(claims)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
logger.error("UnsupportedEncodingException UTF-8 ", e);
return "error";
}
}
}
// How to add it manually
// long nowMillis = System.currentTimeMillis();
// //This is my token
// try {
// String jwt = Jwts.builder()
// .setSubject("Argiro")
// .setExpiration(new Date(nowMillis+1800000))
// .claim("fullname", "Argiro Kokogianaki")
// .claim("id", "8")
// .claim("email", "argiro@gmail.com")
// .claim("role","2")
// .signWith(
// SignatureAlgorithm.HS512,
// "my-very-secret".getBytes("UTF-8")
// )
// .compact();

5
src/main/resources/eu/dnet/openaire/usermanagement/redis.properties
View File

@ -1,5 +0,0 @@
redis.host = 127.0.0.1
#redis.port = 6379
#redis.password

15
src/main/resources/eu/dnet/openaire/usermanagement/springContext-dnetOpenaireUsersService.properties
View File

@ -1,17 +1,2 @@
oidc.id=767422b9-5461-4807-a80a-f9a2072d3a7d
oidc.secret=AMQtGlbTXNjwjhF0st28LmM6V0XypMdaVS7tJmGuYFlmH36iIv4t7tVqYuLYrNPkhnZ_GPUJvhymBhFupdgb6aU
oidc.issuer = https://aai.openaire.eu/oidc/
#oidc.home = https://beta.services.openaire.eu/admin-user-management/openid_connect_login
#webbapp.front = https://beta.admin.connect.openaire.eu/reload
#webbapp.front.path = /
#webbapp.front.domain = .openaire.eu
#testing
oidc.home = http://scoobydoo.di.uoa.gr:8080/dnet-openaire-users-1.0.0-SNAPSHOT/openid_connect_login
webbapp.front = https://scoobydoo.di.uoa.gr:4200/reload
webbapp.front.path = /
webbapp.front.domain =.di.uoa.gr
google.recaptcha.secret = 6LfYrU8UAAAAADwrbImPvDo_XcxEZvrkkgMy9yU0
google.recaptcha.key = 6LfYrU8UAAAAAFsl3m2YhP1uavdmAdFEXBkoY_vd

13
src/main/webapp/WEB-INF/applicationContext.xml
View File

@ -9,18 +9,15 @@
http://www.springframework.org/schema/context/spring-context-4.2.xsd">
<import resource="classpath*:/eu/dnetlib/openaire/user/springContext-userManagementService.xml" />
<import resource="classpath*:/eu/dnetlib/openaire/user/login/springContext-userLoginCore.xml" />
<context:component-scan base-package="eu.dnetlib.openaire.usermanagement.*"/>
<context:annotation-config />
<import resource="classpath*:/eu/dnetlib/openaire/user/springContext-userManagementService.xml" />
<!--<bean id="webexpressionHandler"-->
<!--class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>-->
<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>
<bean class="org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory"/>
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="order" value="2" />
<property name="ignoreUnresolvablePlaceholders" value="true" />
@ -36,8 +33,8 @@
<value>classpath*:/eu/**/applicationContext*.properties</value>
<value>classpath*:/eu/dnetlib/applicationContext-defaultProperties.properties</value>
<value>classpath*:/eu/**/springContext-userManagementService.properties</value>
<value>classpath*:/eu/**/springContext-dnetOpenaireUsersService.properties</value>
<value>classpath*:/eu/**/redis.properties</value>
<value>classpath*:/eu/**/springContext-userLoginCore.properties</value>
<value>classpath*:/eu/**/springContext-dnetOpenaireUsersService.properties</value>
<value>classpath*:/uoa-override.properties</value>
<value>classpath*:/dnet-override.properties</value>
</list>

9
src/main/webapp/WEB-INF/log4j.properties
View File

@ -1,8 +1,11 @@
log4j.rootLogger = INFO, R
log4j.rootLogger = DEBUG, R
log4j.logger.eu.dnetlib = INFO
log4j.logger.eu.dnetlib = DEBUG, R
log4j.logger.eu.dnetlib.openaire.user = DEBUG, R
log4j.logger.org.mitre.openid = INFO
log4j.logger.org.springframework = INFO, S
log4j.logger.org.springframework = DEBUG, S
log4j.logger.com.lambdaworks.redis.protocol = INFO, S
log4j.logger.org.apache.http = INFO, S
log4j.additivity.org.springframework = false

234
src/main/webapp/WEB-INF/springContext-dnetOpenaireUsersService.xml
View File

@ -1,249 +1,17 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd"
default-autowire="byName"> -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd"
default-autowire="byType">
<!--<bean id="dataSourceConnector" class="eu.dnetlib.openaire.user.store.DataSourceConnector" init-method="init" autowire="byName">-->
<!--<property name="username" value="${openaire.users.db.username}"/>-->
<!--<property name="password" value="${openaire.users.db.password}"/>-->
<!--<property name="dbUrl" value="${openaire.users.db.url}" />-->
<!--<property name="driver" value="${openaire.users.db.driverClassName}" />-->
<!--</bean>-->
<!--<bean id="sqlMigrationUserDAO" class="eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO" autowire="byName"/>-->
<!--<bean id="userVerificationDAO" class="eu.dnetlib.openaire.user.dao.UserVerificationDAO">-->
<!--<property name="dataSourceConnector" ref="dataSourceConnector"/>-->
<!--</bean>-->
<!--<bean id="verificationActions" class="eu.dnetlib.openaire.user.utils.VerificationActions">-->
<!--<property name="dataSourceConnector" ref="dataSourceConnector"/>-->
<!--</bean>-->
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
<security:http auto-config="false" use-expressions="true"
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
pattern="/**">
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
<security:logout logout-url="/openid_logout" invalidate-session="true"/>
</security:http>
<bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/>
<bean id="webexpressionHandler"
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
</security:authentication-manager>
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
<property name="authoritiesMapper">
<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
<property name="admins" ref="namedAdmins" />
</bean>
</property>
</bean>
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
<!--
This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER.
Note that having an administrator role on the IdP doesn't grant administrator access on this client.
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
-->
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
<constructor-arg name="subject" value="subject_value" />
<constructor-arg name="issuer" value="${oidc.issuer}" />
</bean>
</util:set>
<bean class="eu.dnetlib.openaire.usermanagement.security.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
<property name="frontEndURI" value="${webbapp.front}"/>
<property name="frontPath" value="${webbapp.front.path}"/>
<property name="frontDomain" value="${webbapp.front.domain:#{null}}"/>
</bean>
<!--<bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>-->
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
<!--<property name="filterProcessesUrl" value="/logout"/>-->
<!--<constructor-arg index="0" value="/"/>-->
<!--<constructor-arg index="1">-->
<!--<list>-->
<!--<ref bean="securityContextLogoutHandler"/>-->
<!--&lt;!&ndash;ref bean="myLogoutHandler"/&ndash;&gt;-->
<!--</list>-->
<!--</constructor-arg>-->
<!--</bean>-->
<!--<bean class="eu.dnetlib.openaire.user.security.FrontEndLinkURILogoutSuccessHandler" id="frontEndRedirectLogout"/>-->
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
<!--<property name="filterProcessesUrl" value="/logout"/>-->
<!--<constructor-arg index="0" value="/"/>-->
<!--<constructor-arg index="1">-->
<!--<list>-->
<!--<ref bean="securityContextLogoutHandler"/>-->
<!--&lt;!&ndash;ref bean="myLogoutHandler"/&ndash;&gt;-->
<!--</list>-->
<!--</constructor-arg>-->
<!--</bean>-->
<!--
-
- The authentication filter
-
-->
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="issuerService" ref="staticIssuerService" />
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
</bean>
<!--
Static issuer service, returns the same issuer for every request.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
<property name="issuer" value="${oidc.issuer}" />
</bean>
<!--
Dynamic server configuration, fetches the server's information using OIDC Discovery.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
<property name="servers">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
<property name="issuer" value="${oidc.issuer}" />
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
<property name="jwksUri" value="${oidc.issuer}jwk" />
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
</bean>
</entry>
</map>
</property>
</bean>
<!--
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
<property name="clients">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="${oidc.id}" />
<property name="clientSecret" value="${oidc.secret}" />
<property name="scope">
<set value-type="java.lang.String">
<value>openid</value>
</set>
</property> xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
<property name="redirectUris">
<set>
<value>${oidc.home}</value>
</set>
</property>
</bean>
</entry>
</map>
</property>
</bean>
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
<property name="clients">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="${oidc.id}" />
<property name="clientSecret" value="${oidc.secret}" />
<property name="scope">
<set value-type="java.lang.String">
<value>openid</value>
</set>
</property>
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
<property name="redirectUris">
<set>
<value>${oidc.home}</value>
</set>
</property>
</bean>
</entry>
</map>
</property>
</bean>
<!--
-
- Auth request options service: returns the optional components of the request
-
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
<property name="options">
<map>
<!-- Entries in this map are sent as key-value parameters to the auth request -->
<!--
<entry key="display" value="page" />
<entry key="max_age" value="30" />
<entry key="prompt" value="none" />
-->
</map>
</property>
</bean>
<!--
Plain authorization request builder, puts all options as query parameters on the GET request
-->
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
<context:component-scan base-package="eu.dnetlib.openaire.user.api.services" />
<context:component-scan base-package="eu.dnetlib.openaire.usermanagement.registry.beans" />
<context:annotation-config></context:annotation-config>
</beans>

4
src/main/webapp/WEB-INF/web.xml
View File

@ -158,10 +158,6 @@
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Methods</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>