MERGE login branch 56991:57920 using uoa-login-core
This commit is contained in:
parent
21be3a4caf
commit
34b5678237
34
pom.xml
34
pom.xml
|
@ -22,6 +22,11 @@
|
|||
<artifactId>uoa-user-management</artifactId>
|
||||
<version>[2.0.0-SNAPSHOT, 3.0.0)</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>eu.dnetlib</groupId>
|
||||
<artifactId>uoa-login-core</artifactId>
|
||||
<version>[1.0.0-SNAPSHOT, 2.0.0)</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-api</artifactId>
|
||||
|
@ -83,33 +88,16 @@
|
|||
<version>3.0.1</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.mitre</groupId>
|
||||
<artifactId>openid-connect-client</artifactId>
|
||||
<version>1.3.0</version>
|
||||
</dependency>
|
||||
|
||||
|
||||
<!-- About redis -->
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.session</groupId>
|
||||
<artifactId>spring-session-data-redis</artifactId>
|
||||
<version>1.3.1.RELEASE</version>
|
||||
<type>pom</type>
|
||||
<groupId>commons-io</groupId>
|
||||
<artifactId>commons-io</artifactId>
|
||||
<version>2.6</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>biz.paluch.redis</groupId>
|
||||
<artifactId>lettuce</artifactId>
|
||||
<version>3.5.0.Final</version>
|
||||
<groupId>javax.xml.bind</groupId>
|
||||
<artifactId>jaxb-api</artifactId>
|
||||
<version>2.3.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-web</artifactId>
|
||||
<version>4.3.4.RELEASE</version>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
</project>
|
||||
|
||||
|
|
|
@ -14,7 +14,14 @@ import eu.dnetlib.openaire.user.dao.RoleDAO;
|
|||
import eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO;
|
||||
import eu.dnetlib.openaire.user.ldap.MUserActionsLDAP;
|
||||
import eu.dnetlib.openaire.user.store.DataSourceConnector;
|
||||
import eu.dnetlib.openaire.usermanagement.security.JWTGenerator;
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.apache.http.HttpResponse;
|
||||
import org.apache.http.NameValuePair;
|
||||
import org.apache.http.client.entity.UrlEncodedFormEntity;
|
||||
import org.apache.http.client.methods.HttpPost;
|
||||
import org.apache.http.impl.client.CloseableHttpClient;
|
||||
import org.apache.http.impl.client.HttpClients;
|
||||
import org.apache.http.message.BasicNameValuePair;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||
import org.mitre.openid.connect.model.UserInfo;
|
||||
|
@ -22,15 +29,25 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.http.*;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.client.DefaultResponseErrorHandler;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
import sun.net.www.http.HttpClient;
|
||||
|
||||
import javax.ws.rs.*;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.sql.SQLException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Created by sofia on 24/11/2016.
|
||||
|
@ -53,173 +70,60 @@ public class Test3Service {
|
|||
@Value("${oidc.issuer}")
|
||||
private String issuer;
|
||||
|
||||
@Value("${oidc.secret}")
|
||||
private String secret;
|
||||
|
||||
@Value("${oidc.id}")
|
||||
private String id;
|
||||
|
||||
@GET
|
||||
@Path("/{userId}")
|
||||
@Path("/getToken")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getUserById(@PathParam("userId") int userId) {
|
||||
public Response getToken(@QueryParam("accessToken") String accessToken){
|
||||
logger.debug("Refresh token " + accessToken);
|
||||
System.out.printf("HELLO PAPAGENA");
|
||||
CloseableHttpClient httpclient = HttpClients.createDefault();
|
||||
HttpPost httppost = new HttpPost(issuer+"/token");
|
||||
|
||||
// Request parameters and other properties.
|
||||
List<NameValuePair> params = new ArrayList<NameValuePair>();
|
||||
params.add(new BasicNameValuePair("client_id", id));
|
||||
params.add(new BasicNameValuePair("client_secret", secret));
|
||||
params.add(new BasicNameValuePair("grant_type", "refresh_token"));
|
||||
params.add(new BasicNameValuePair("refresh_token", accessToken));
|
||||
params.add(new BasicNameValuePair("scope", "openid email profile"));
|
||||
try {
|
||||
MigrationUser mUser = sqlMigrationUserDAO.fetchById(userId);
|
||||
httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
|
||||
//Execute and get the response.
|
||||
HttpResponse response = null;
|
||||
|
||||
// Invalide user ID
|
||||
if (mUser == null) {
|
||||
String errorMessageJson = compose404Message("Cannot find user with id " + userId + ".");
|
||||
response = httpclient.execute(httppost);
|
||||
|
||||
return Response
|
||||
.status(Response.Status.NOT_FOUND)
|
||||
.entity(errorMessageJson)
|
||||
.type(MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
org.apache.http.HttpEntity entity = response.getEntity();
|
||||
|
||||
logger.debug("I am here");
|
||||
if (entity != null) {
|
||||
try (InputStream instream = entity.getContent()) {
|
||||
logger.debug(IOUtils.toString(instream, StandardCharsets.UTF_8.name()));
|
||||
}
|
||||
}
|
||||
|
||||
return Response.status(200).entity(composeDataResponse(mUser)).build();
|
||||
}
|
||||
catch (SQLException e) {
|
||||
return Response
|
||||
.status(Response.Status.INTERNAL_SERVER_ERROR)
|
||||
.entity(compose500Message("Fail to fetch users.", e))
|
||||
.type(MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
}
|
||||
}
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
logger.error(e);
|
||||
|
||||
/* How to check @browser ../authenticate/?username=MY_USERNAME&password=MY_PASSWORD
|
||||
* http://localhost:8080/uoa-user-management-1.0.0-SNAPSHOT/api/users/authenticate?username=sba&password=12345678
|
||||
@GET
|
||||
@Path("/authenticate")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response authenticateUserGET(@QueryParam("username") String username, @QueryParam("password") String password)
|
||||
{
|
||||
return commonAuthenticateFunction(username, password);
|
||||
|
||||
}*/
|
||||
|
||||
@POST
|
||||
@Path("/authenticates")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
public Response authenticateUserPOST(String input) {
|
||||
JsonObject jsonObject = new JsonParser().parse(input).getAsJsonObject();
|
||||
|
||||
String username = jsonObject.get("username").getAsString();
|
||||
String password = jsonObject.get("password").getAsString();
|
||||
|
||||
return commonAuthenticateFunction(username, password);
|
||||
}
|
||||
|
||||
private Response commonAuthenticateFunction(String username, String password)
|
||||
{
|
||||
try {
|
||||
boolean usernameExists = mUserActionsLDAP.usernameExists(username);
|
||||
|
||||
// if user was not found
|
||||
if (!usernameExists) {
|
||||
String errorMessageJson = compose401Message("Wrong credentials.");
|
||||
|
||||
return Response
|
||||
.status(Response.Status.UNAUTHORIZED)
|
||||
.entity(errorMessageJson)
|
||||
.type(MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
}
|
||||
|
||||
boolean authenticated = mUserActionsLDAP.authenticate(username, password);
|
||||
|
||||
// if user was not authenticated
|
||||
if (!authenticated) {
|
||||
return Response
|
||||
.status(Response.Status.UNAUTHORIZED)
|
||||
.entity(compose401Message("User " + username + " could not be authenticated."))
|
||||
.type(MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
}
|
||||
|
||||
MigrationUser mUser = sqlMigrationUserDAO.fetchByUsername(username);
|
||||
|
||||
// if user was not found in my db
|
||||
LDAPUser ldapUser = null;
|
||||
if (mUser == null) {
|
||||
mUser = new MigrationUser(username);
|
||||
ldapUser = mUserActionsLDAP.getUser(username);
|
||||
mUser.setFullname(ldapUser.getDisplayName());
|
||||
mUser.setEmail(ldapUser.getEmail());
|
||||
mUser.setRoleId(2);
|
||||
|
||||
|
||||
sqlMigrationUserDAO.insert(mUser);
|
||||
}
|
||||
return Response.status(200).entity(composeDataResponse(mUser)).type(MediaType.APPLICATION_JSON).build();
|
||||
|
||||
} catch (LDAPException exc) {
|
||||
logger.error("Fail to connect to LDAP. ", exc);
|
||||
return Response
|
||||
.status(Response.Status.INTERNAL_SERVER_ERROR)
|
||||
.entity(compose500Message("LDAP error.", exc))
|
||||
.type(MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
|
||||
} catch (SQLException exc) {
|
||||
logger.error("Fail to fetch users. ", exc);
|
||||
return Response
|
||||
.status(Response.Status.INTERNAL_SERVER_ERROR)
|
||||
.entity(compose500Message("Fail to fetch users.", exc))
|
||||
.type(MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
} catch (IOException e) {
|
||||
logger.error(e);
|
||||
}
|
||||
|
||||
}
|
||||
logger.info("DDDDDDDD");
|
||||
|
||||
@GET
|
||||
@Path("/changeRole")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response changeRole(@QueryParam("roleId") int roleId, @QueryParam("userId") int userId)
|
||||
{
|
||||
RoleDAO roleDAO = new RoleDAO();
|
||||
try
|
||||
{
|
||||
Role role = roleDAO.fetchById(roleId);
|
||||
if (role == null)
|
||||
{
|
||||
//fetch all roleids TODO
|
||||
String errorMessageJson = compose404Message("Cannot find role with id" + roleId + ".");
|
||||
|
||||
return Response
|
||||
.status(Response.Status.NOT_FOUND)
|
||||
.entity(errorMessageJson)
|
||||
.type(MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
}
|
||||
|
||||
MigrationUser mUser = sqlMigrationUserDAO.fetchById(userId);
|
||||
|
||||
if (mUser == null)
|
||||
{
|
||||
String errorMessageJson = compose404Message("Cannot find user with id " + userId + ".");
|
||||
|
||||
return Response
|
||||
.status(Response.Status.NOT_FOUND)
|
||||
.entity(errorMessageJson)
|
||||
.type(MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
}
|
||||
|
||||
mUser.setRoleId(roleId);
|
||||
sqlMigrationUserDAO.update(mUser);
|
||||
|
||||
return Response.status(200).entity(composeDataResponse(mUser)).build();
|
||||
}
|
||||
catch (SQLException exc)
|
||||
{
|
||||
return Response
|
||||
.status(Response.Status.INTERNAL_SERVER_ERROR)
|
||||
.entity(compose500Message("Fail to fetch users.", exc))
|
||||
.type(MediaType.APPLICATION_JSON)
|
||||
.build();
|
||||
}
|
||||
return Response.status(200).type(MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/getUserInfo")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
//TODO REMOVE THIS and make the request directly to aai service {oidc.issuer} OR! see what is done with redis
|
||||
public Response getUserInfo(@QueryParam("accessToken") String accessToken) throws JsonProcessingException {
|
||||
//return Response.status(404).entity(compose404Message("This is a test message.")).type(MediaType.APPLICATION_JSON).build();
|
||||
// call aai with accessToken
|
||||
|
@ -236,6 +140,7 @@ public class Test3Service {
|
|||
//logger.info(restTemplate.exchange(fooResourceUrl, HttpMethod.GET, request, Object.class));
|
||||
ResponseEntity response1 = restTemplate.exchange(fooResourceUrl, HttpMethod.GET, request, Object.class);
|
||||
logger.info(response1.getBody().toString());
|
||||
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
|
||||
return Response.status(response1.getStatusCode().value()).entity(mapper.writeValueAsString(response1.getBody())).type(MediaType.APPLICATION_JSON).build();
|
||||
|
@ -278,8 +183,44 @@ public class Test3Service {
|
|||
}
|
||||
return Response.status(200).entity(userInfoJson.toString()).type(MediaType.APPLICATION_JSON).build();
|
||||
}
|
||||
/* JSON Utility Methods */
|
||||
|
||||
/*
|
||||
@GET
|
||||
@Path("/katerina")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
//@PreAuthorize("hasRole('ROLE_USER')")
|
||||
@PreAuthorize("hasAuthority('urn:geant:openaire.eu:group:Registered+User#aai.openaire.eu')")
|
||||
public Response getKaterina() {
|
||||
return Response.status(200).build();
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/skata")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
public Response getKaterina2() {
|
||||
return Response.status(200).build();
|
||||
}
|
||||
|
||||
@GET
|
||||
@Path("/skata2")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@PreAuthorize("hasAuthority('skata')")
|
||||
public Response getKaterina3() {
|
||||
return Response.status(200).build();
|
||||
}
|
||||
|
||||
|
||||
@GET
|
||||
@Path("/me")
|
||||
//@Produces(MediaType.APPLICATION_JSON)
|
||||
public Response getKaterina(@AuthenticationPrincipal UserDetails userDetails) {
|
||||
//return Response.status(200).entity(userDetails).type(MediaType.APPLICATION_JSON).build();
|
||||
return Response.status(200).build();
|
||||
}
|
||||
*/
|
||||
|
||||
/* JSON Utility Methods */
|
||||
private String compose401Message(String message) {
|
||||
return "{ \"status\" : \"error\", \"code\" : \"401\", \"message\" : \" " + message +" \" }";
|
||||
}
|
||||
|
@ -293,23 +234,10 @@ public class Test3Service {
|
|||
"\"description\" : \""+ exception.getMessage() +"\" }";
|
||||
}
|
||||
|
||||
private String composeDataResponse(UserInfo user) {
|
||||
return "{ \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : \"" + JWTGenerator.generateToken(user, "my-very-secret") + "\" }";
|
||||
}
|
||||
|
||||
private String composeDataResponse(MigrationUser user) {
|
||||
//return "{ \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(user) + " }";
|
||||
return "{ \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : \"" + JWTGenerator.generateToken(user, "my-very-secret") + "\" }";
|
||||
}
|
||||
|
||||
private String composeDataResponse(LDAPUser user) {
|
||||
return " { \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(user) + " }";
|
||||
}
|
||||
|
||||
// private String composeDataResponse(String username) {
|
||||
// return " { \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(username) + " }";
|
||||
// }
|
||||
|
||||
private String composeDataResponse(String fullname) {
|
||||
return " { \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(fullname) + " }";
|
||||
}
|
||||
|
|
|
@ -1,53 +0,0 @@
|
|||
package eu.dnetlib.openaire.usermanagement.registry.beans;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
|
||||
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
|
||||
import org.springframework.session.web.http.CookieSerializer;
|
||||
import org.springframework.session.web.http.DefaultCookieSerializer;
|
||||
|
||||
/**
|
||||
* Created by stefanos on 14/6/2017.
|
||||
*/
|
||||
@PropertySource(value = { "classpath:eu/dnet/openaire/usermanagement/redis.properties", "classpath:eu/dnet/openaire/usermanagement/springContext-dnetOpenaireUsersService.properties"} )
|
||||
@Configuration
|
||||
@EnableRedisHttpSession
|
||||
public class Config {
|
||||
|
||||
private static Logger logger = Logger.getLogger(Config.class);
|
||||
|
||||
@Value("${redis.host:localhost}")
|
||||
private String host;
|
||||
|
||||
@Value("${redis.port:6379}")
|
||||
private String port;
|
||||
|
||||
@Value("${redis.password:#{null}}")
|
||||
private String password;
|
||||
|
||||
@Value("${webbapp.front.domain:.openaire.eu}")
|
||||
private String domain;
|
||||
|
||||
@Bean
|
||||
public LettuceConnectionFactory connectionFactory() {
|
||||
logger.info(String.format("Redis connection listens to %s:%s ",host,port));
|
||||
LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));
|
||||
if(password != null) factory.setPassword(password);
|
||||
return factory;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public CookieSerializer cookieSerializer() {
|
||||
logger.info("Cookie Serializer: Domain is "+domain);
|
||||
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
|
||||
serializer.setCookieName("openAIRESession"); // <1>
|
||||
serializer.setCookiePath("/"); // <2>
|
||||
// serializer.setDomainNamePattern(""); //with value "" set's the domain of the service e.g scoobydoo.di.uoa.gr
|
||||
serializer.setDomainName(domain);
|
||||
return serializer;
|
||||
}
|
||||
}
|
|
@ -1,104 +0,0 @@
|
|||
package eu.dnetlib.openaire.usermanagement.security;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* Created by stefanos on 9/5/2017.
|
||||
*/
|
||||
public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class);
|
||||
|
||||
private String frontEndURI;
|
||||
private String frontPath;
|
||||
private String frontDomain;
|
||||
|
||||
@Override
|
||||
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IllegalArgumentException, IOException {
|
||||
|
||||
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
|
||||
|
||||
try {
|
||||
|
||||
// Cookie jwt = new Cookie("XCsrfToken", JWTGenerator.generateToken(authOIDC, "my-very-secret"));
|
||||
Cookie openAIREUser = new Cookie("openAIREUser", new Gson().toJson(JWTGenerator.generateJsonToken(authOIDC)));
|
||||
Cookie accessToken = new Cookie("AccessToken", authOIDC.getAccessTokenValue());
|
||||
|
||||
// Expire the cookies in four hours (4 * 3600)
|
||||
// jwt.setMaxAge(14400);
|
||||
openAIREUser.setMaxAge(14400);
|
||||
accessToken.setMaxAge(14400);
|
||||
|
||||
//TODO DELETE LOG
|
||||
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
|
||||
// logger.info("jwt: " + JWTGenerator.generateToken(authOIDC, "my-very-secret"));
|
||||
logger.info("access token: " + authOIDC.getAccessTokenValue());
|
||||
logger.info("openAIREUser: " + JWTGenerator.generateJsonToken(authOIDC));
|
||||
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
|
||||
|
||||
//TODO DELETE LOG
|
||||
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
|
||||
// logger.info("refresh token: " + authOIDC.getRefreshTokenValue());
|
||||
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
|
||||
|
||||
|
||||
// jwt.setPath(frontPath);
|
||||
openAIREUser.setPath(frontPath);
|
||||
accessToken.setPath(frontPath);
|
||||
|
||||
if (frontDomain!=null) {
|
||||
// jwt.setDomain(frontDomain);
|
||||
openAIREUser.setDomain(frontDomain);
|
||||
accessToken.setDomain(frontDomain);
|
||||
}
|
||||
|
||||
// response.addCookie(jwt);
|
||||
response.addCookie(openAIREUser);
|
||||
response.addCookie(accessToken);
|
||||
response.sendRedirect(frontEndURI);
|
||||
|
||||
} catch (IOException e) {
|
||||
logger.error("IOException in redirection ", e);
|
||||
throw new IOException(e);
|
||||
}catch (IllegalArgumentException e) {
|
||||
logger.error("IllegalArgumentException in redirection ", e);
|
||||
throw new IllegalArgumentException(e);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public String getFrontEndURI() {
|
||||
return frontEndURI;
|
||||
}
|
||||
|
||||
public void setFrontEndURI(String frontEndURI) {
|
||||
this.frontEndURI = frontEndURI;
|
||||
}
|
||||
|
||||
public String getFrontPath() {
|
||||
return frontPath;
|
||||
}
|
||||
|
||||
public void setFrontPath(String frontPath) {
|
||||
this.frontPath = frontPath;
|
||||
}
|
||||
|
||||
public String getFrontDomain() {
|
||||
return frontDomain;
|
||||
}
|
||||
|
||||
public void setFrontDomain(String frontDomain) {
|
||||
this.frontDomain = frontDomain;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1,231 +0,0 @@
|
|||
package eu.dnetlib.openaire.usermanagement.security;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
import eu.dnetlib.openaire.user.pojos.migration.MigrationUser;
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.SignatureAlgorithm;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||
import org.mitre.openid.connect.model.UserInfo;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLEncoder;
|
||||
import java.text.ParseException;
|
||||
import java.util.Date;
|
||||
|
||||
public class JWTGenerator {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(JWTGenerator.class);
|
||||
|
||||
public static String generateToken(MigrationUser u, String secret) {
|
||||
Claims claims = Jwts.claims().setSubject(u.getUsername());
|
||||
claims.put("fullname", u.getFullname() + "");
|
||||
claims.put("userId", u.getId() + "");
|
||||
claims.put("email", u.getEmail() + "");
|
||||
claims.put("role", u.getRoleId());
|
||||
|
||||
//expiration
|
||||
long nowMillis = System.currentTimeMillis();
|
||||
Date now = new Date(nowMillis);
|
||||
long ttlMillis = 1800000;
|
||||
long expMillis = nowMillis + ttlMillis;
|
||||
Date exp = new Date(expMillis);
|
||||
|
||||
return Jwts.builder()
|
||||
.setClaims(claims)
|
||||
.setExpiration(exp)
|
||||
.signWith(SignatureAlgorithm.HS512, secret)
|
||||
.compact();
|
||||
}
|
||||
|
||||
public static String generateToken(OIDCAuthenticationToken authOIDC, String secret) {
|
||||
|
||||
try {
|
||||
|
||||
JsonObject userInfo = authOIDC.getUserInfo().getSource();
|
||||
Claims claims = Jwts.claims().setSubject(authOIDC.getUserInfo().getSub());
|
||||
claims.put("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8") + "");
|
||||
|
||||
if (authOIDC.getUserInfo().getGivenName() == null){
|
||||
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
|
||||
claims.put("firstname", URLEncoder.encode(" ", "UTF-8") + "");
|
||||
} else {
|
||||
claims.put("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");
|
||||
}
|
||||
if (authOIDC.getUserInfo().getFamilyName() == null){
|
||||
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
|
||||
claims.put("lastname", URLEncoder.encode(" ", "UTF-8") + "");
|
||||
} else {
|
||||
claims.put("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");
|
||||
}
|
||||
claims.put("email", authOIDC.getUserInfo().getEmail() + "");
|
||||
|
||||
// if (userInfo.getAsJsonArray("eduPersonScopedAffiliation").toString() != null) {
|
||||
// claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + "");
|
||||
// }
|
||||
|
||||
if (userInfo.getAsJsonArray("edu_person_entitlements") == null){
|
||||
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role");
|
||||
claims.put("role", URLEncoder.encode(" ", "UTF-8") + "");
|
||||
} else {
|
||||
claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
|
||||
}
|
||||
|
||||
//TODO remove, We don't need it but if we are going to use it, we need to check if the user has affiliation
|
||||
//claims.put("edu_person_scoped_affiliations", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + "");
|
||||
|
||||
//TODO remove
|
||||
//TODO THIS IS TEST
|
||||
// claims.put("fullname", URLEncoder.encode("Σοφία Μπαλτζή", "UTF-8") + "");
|
||||
// claims.put("firstname", URLEncoder.encode("Σοφία", "UTF-8") + "");
|
||||
// claims.put("lastname", URLEncoder.encode("Μπαλτζή", "UTF-8") + "");
|
||||
// claims.put("email", "sofie.mpl@gmail.com" + "");
|
||||
// claims.put("edu_person_scoped_affiliations", "faculty");
|
||||
|
||||
Date exp = new Date(authOIDC.getIdToken().getJWTClaimsSet().getExpirationTime().getTime());
|
||||
// logger.info("expirationTime: "+ exp);
|
||||
|
||||
//TODO DELETE LOGS
|
||||
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
|
||||
// logger.info("fullName: " + authOIDC.getUserInfo().getName());
|
||||
// logger.info("firstName: " + authOIDC.getUserInfo().getGivenName());
|
||||
// logger.info("lastName: " + authOIDC.getUserInfo().getFamilyName());
|
||||
// logger.info("email: " + authOIDC.getUserInfo().getEmail());
|
||||
// //logger.info("Check everything");
|
||||
// logger.info("locale: " + authOIDC.getUserInfo().getSource());
|
||||
// logger.info("role: " + userInfo.getAsJsonArray("edu_person_entitlements").toString());
|
||||
// //logger.info("affiliation: " + userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString());
|
||||
// logger.info("expirationTime: " + exp);
|
||||
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
|
||||
|
||||
return Jwts.builder()
|
||||
.setClaims(claims)
|
||||
.setExpiration(exp)
|
||||
.signWith(SignatureAlgorithm.HS512, secret)
|
||||
.compact();
|
||||
|
||||
} catch (ParseException e) {
|
||||
e.printStackTrace();
|
||||
logger.error("JWT Parse Exception from getting Expiration Time ", e);
|
||||
return "error";
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
e.printStackTrace();
|
||||
logger.error("UnsupportedEncodingException UTF-8 ", e);
|
||||
return "error";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public static JsonObject generateJsonToken(OIDCAuthenticationToken authOIDC) {
|
||||
try {
|
||||
|
||||
JsonObject userInfo = authOIDC.getUserInfo().getSource();
|
||||
JsonObject userInfo2 = new JsonObject();
|
||||
|
||||
if (authOIDC.getUserInfo().getSub() == null) {
|
||||
logger.info("User doesn't have sub");
|
||||
userInfo2.addProperty("sub", "");
|
||||
} else {
|
||||
userInfo2.addProperty("sub", URLEncoder.encode(authOIDC.getUserInfo().getSub(), "UTF-8"));
|
||||
}
|
||||
if (authOIDC.getUserInfo().getName() == null) {
|
||||
logger.info("User doesn't have fullname");
|
||||
userInfo2.addProperty("fullname", "");
|
||||
} else {
|
||||
userInfo2.addProperty("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8"));
|
||||
}
|
||||
if (authOIDC.getUserInfo().getGivenName() == null){
|
||||
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
|
||||
// userInfo2.addProperty("firstname", URLEncoder.encode(" ", "UTF-8") + "");
|
||||
userInfo2.addProperty("firstname", "");
|
||||
} else {
|
||||
userInfo2.addProperty("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");
|
||||
}
|
||||
if (authOIDC.getUserInfo().getFamilyName() == null){
|
||||
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
|
||||
// userInfo2.addProperty("lastname", URLEncoder.encode(" ", "UTF-8") + "");
|
||||
userInfo2.addProperty("lastname", "");
|
||||
} else {
|
||||
userInfo2.addProperty("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");
|
||||
}
|
||||
userInfo2.addProperty("email", authOIDC.getUserInfo().getEmail() + "");
|
||||
|
||||
if (userInfo.getAsJsonArray("edu_person_entitlements") == null){
|
||||
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role");
|
||||
// userInfo2.addProperty("role", URLEncoder.encode(" ", "UTF-8") + "");
|
||||
userInfo2.addProperty("role", "");
|
||||
} else {
|
||||
userInfo2.addProperty("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
|
||||
}
|
||||
|
||||
logger.info("UserINFO: " + userInfo2.toString());
|
||||
return userInfo2;
|
||||
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
e.printStackTrace();
|
||||
logger.error("UnsupportedEncodingException UTF-8 ", e);
|
||||
JsonObject error = new JsonObject();
|
||||
error.addProperty("error", "UnsupportedEncodingException UTF-8 " + e);
|
||||
return error;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
//TODO DELETE IF IT IS NOT NECESSARY
|
||||
public static String generateAccessToken(OIDCAuthenticationToken authOIDC, String secret) {
|
||||
Claims claims = Jwts.claims().setId(authOIDC.getAccessTokenValue());
|
||||
|
||||
//TODO DELETE LOGS
|
||||
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
|
||||
logger.info("access token: " + authOIDC.getAccessTokenValue());
|
||||
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
|
||||
|
||||
return Jwts.builder()
|
||||
.setClaims(claims)
|
||||
.signWith(SignatureAlgorithm.HS512, secret)
|
||||
.compact();
|
||||
}
|
||||
|
||||
|
||||
public static String generateToken(UserInfo user, String secret) {
|
||||
try {
|
||||
|
||||
JsonObject userInfo = user.getSource();
|
||||
|
||||
Claims claims = Jwts.claims().setSubject(user.getSub());
|
||||
claims.put("email", user.getEmail() + "");
|
||||
claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
|
||||
|
||||
return Jwts.builder()
|
||||
.setClaims(claims)
|
||||
.signWith(SignatureAlgorithm.HS512, secret)
|
||||
.compact();
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
e.printStackTrace();
|
||||
logger.error("UnsupportedEncodingException UTF-8 ", e);
|
||||
return "error";
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
// How to add it manually
|
||||
// long nowMillis = System.currentTimeMillis();
|
||||
// //This is my token
|
||||
// try {
|
||||
// String jwt = Jwts.builder()
|
||||
// .setSubject("Argiro")
|
||||
// .setExpiration(new Date(nowMillis+1800000))
|
||||
// .claim("fullname", "Argiro Kokogianaki")
|
||||
// .claim("id", "8")
|
||||
// .claim("email", "argiro@gmail.com")
|
||||
// .claim("role","2")
|
||||
// .signWith(
|
||||
// SignatureAlgorithm.HS512,
|
||||
// "my-very-secret".getBytes("UTF-8")
|
||||
// )
|
||||
// .compact();
|
|
@ -1,5 +0,0 @@
|
|||
redis.host = 127.0.0.1
|
||||
#redis.port = 6379
|
||||
#redis.password
|
||||
|
||||
|
|
@ -1,17 +1,2 @@
|
|||
oidc.id=767422b9-5461-4807-a80a-f9a2072d3a7d
|
||||
oidc.secret=AMQtGlbTXNjwjhF0st28LmM6V0XypMdaVS7tJmGuYFlmH36iIv4t7tVqYuLYrNPkhnZ_GPUJvhymBhFupdgb6aU
|
||||
oidc.issuer = https://aai.openaire.eu/oidc/
|
||||
|
||||
#oidc.home = https://beta.services.openaire.eu/admin-user-management/openid_connect_login
|
||||
#webbapp.front = https://beta.admin.connect.openaire.eu/reload
|
||||
#webbapp.front.path = /
|
||||
#webbapp.front.domain = .openaire.eu
|
||||
|
||||
#testing
|
||||
oidc.home = http://scoobydoo.di.uoa.gr:8080/dnet-openaire-users-1.0.0-SNAPSHOT/openid_connect_login
|
||||
webbapp.front = https://scoobydoo.di.uoa.gr:4200/reload
|
||||
webbapp.front.path = /
|
||||
webbapp.front.domain =.di.uoa.gr
|
||||
|
||||
google.recaptcha.secret = 6LfYrU8UAAAAADwrbImPvDo_XcxEZvrkkgMy9yU0
|
||||
google.recaptcha.key = 6LfYrU8UAAAAAFsl3m2YhP1uavdmAdFEXBkoY_vd
|
|
@ -9,18 +9,15 @@
|
|||
http://www.springframework.org/schema/context/spring-context-4.2.xsd">
|
||||
|
||||
|
||||
<import resource="classpath*:/eu/dnetlib/openaire/user/springContext-userManagementService.xml" />
|
||||
<import resource="classpath*:/eu/dnetlib/openaire/user/login/springContext-userLoginCore.xml" />
|
||||
|
||||
<context:component-scan base-package="eu.dnetlib.openaire.usermanagement.*"/>
|
||||
<context:annotation-config />
|
||||
|
||||
<import resource="classpath*:/eu/dnetlib/openaire/user/springContext-userManagementService.xml" />
|
||||
|
||||
<!--<bean id="webexpressionHandler"-->
|
||||
<!--class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>-->
|
||||
|
||||
<bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>
|
||||
<bean class="org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory"/>
|
||||
|
||||
|
||||
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
|
||||
<property name="order" value="2" />
|
||||
<property name="ignoreUnresolvablePlaceholders" value="true" />
|
||||
|
@ -36,8 +33,8 @@
|
|||
<value>classpath*:/eu/**/applicationContext*.properties</value>
|
||||
<value>classpath*:/eu/dnetlib/applicationContext-defaultProperties.properties</value>
|
||||
<value>classpath*:/eu/**/springContext-userManagementService.properties</value>
|
||||
<value>classpath*:/eu/**/springContext-dnetOpenaireUsersService.properties</value>
|
||||
<value>classpath*:/eu/**/redis.properties</value>
|
||||
<value>classpath*:/eu/**/springContext-userLoginCore.properties</value>
|
||||
<value>classpath*:/eu/**/springContext-dnetOpenaireUsersService.properties</value>
|
||||
<value>classpath*:/uoa-override.properties</value>
|
||||
<value>classpath*:/dnet-override.properties</value>
|
||||
</list>
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
log4j.rootLogger = INFO, R
|
||||
log4j.rootLogger = DEBUG, R
|
||||
|
||||
log4j.logger.eu.dnetlib = INFO
|
||||
log4j.logger.eu.dnetlib = DEBUG, R
|
||||
log4j.logger.eu.dnetlib.openaire.user = DEBUG, R
|
||||
log4j.logger.org.mitre.openid = INFO
|
||||
log4j.logger.org.springframework = INFO, S
|
||||
log4j.logger.org.springframework = DEBUG, S
|
||||
log4j.logger.com.lambdaworks.redis.protocol = INFO, S
|
||||
log4j.logger.org.apache.http = INFO, S
|
||||
|
||||
log4j.additivity.org.springframework = false
|
||||
|
||||
|
|
|
@ -1,249 +1,17 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
|
||||
http://www.springframework.org/schema/context
|
||||
http://www.springframework.org/schema/context/spring-context-4.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/util
|
||||
http://www.springframework.org/schema/util/spring-util.xsd"
|
||||
default-autowire="byName"> -->
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
|
||||
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd"
|
||||
default-autowire="byType">
|
||||
|
||||
|
||||
<!--<bean id="dataSourceConnector" class="eu.dnetlib.openaire.user.store.DataSourceConnector" init-method="init" autowire="byName">-->
|
||||
<!--<property name="username" value="${openaire.users.db.username}"/>-->
|
||||
<!--<property name="password" value="${openaire.users.db.password}"/>-->
|
||||
<!--<property name="dbUrl" value="${openaire.users.db.url}" />-->
|
||||
<!--<property name="driver" value="${openaire.users.db.driverClassName}" />-->
|
||||
<!--</bean>-->
|
||||
|
||||
<!--<bean id="sqlMigrationUserDAO" class="eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO" autowire="byName"/>-->
|
||||
|
||||
<!--<bean id="userVerificationDAO" class="eu.dnetlib.openaire.user.dao.UserVerificationDAO">-->
|
||||
<!--<property name="dataSourceConnector" ref="dataSourceConnector"/>-->
|
||||
<!--</bean>-->
|
||||
|
||||
|
||||
|
||||
<!--<bean id="verificationActions" class="eu.dnetlib.openaire.user.utils.VerificationActions">-->
|
||||
<!--<property name="dataSourceConnector" ref="dataSourceConnector"/>-->
|
||||
<!--</bean>-->
|
||||
|
||||
|
||||
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
|
||||
|
||||
<security:http auto-config="false" use-expressions="true"
|
||||
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
|
||||
pattern="/**">
|
||||
|
||||
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
|
||||
|
||||
<security:logout logout-url="/openid_logout" invalidate-session="true"/>
|
||||
|
||||
</security:http>
|
||||
|
||||
<bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/>
|
||||
|
||||
<bean id="webexpressionHandler"
|
||||
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
|
||||
|
||||
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
|
||||
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
|
||||
</bean>
|
||||
|
||||
<security:authentication-manager alias="authenticationManager">
|
||||
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
|
||||
</security:authentication-manager>
|
||||
|
||||
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
|
||||
<property name="authoritiesMapper">
|
||||
<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
|
||||
<property name="admins" ref="namedAdmins" />
|
||||
</bean>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
|
||||
<!--
|
||||
This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER.
|
||||
Note that having an administrator role on the IdP doesn't grant administrator access on this client.
|
||||
|
||||
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
|
||||
<constructor-arg name="subject" value="subject_value" />
|
||||
<constructor-arg name="issuer" value="${oidc.issuer}" />
|
||||
</bean>
|
||||
</util:set>
|
||||
|
||||
|
||||
<bean class="eu.dnetlib.openaire.usermanagement.security.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
|
||||
<property name="frontEndURI" value="${webbapp.front}"/>
|
||||
<property name="frontPath" value="${webbapp.front.path}"/>
|
||||
<property name="frontDomain" value="${webbapp.front.domain:#{null}}"/>
|
||||
</bean>
|
||||
|
||||
<!--<bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>-->
|
||||
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
|
||||
<!--<property name="filterProcessesUrl" value="/logout"/>-->
|
||||
<!--<constructor-arg index="0" value="/"/>-->
|
||||
<!--<constructor-arg index="1">-->
|
||||
<!--<list>-->
|
||||
<!--<ref bean="securityContextLogoutHandler"/>-->
|
||||
<!--<!–ref bean="myLogoutHandler"/–>-->
|
||||
<!--</list>-->
|
||||
<!--</constructor-arg>-->
|
||||
<!--</bean>-->
|
||||
|
||||
<!--<bean class="eu.dnetlib.openaire.user.security.FrontEndLinkURILogoutSuccessHandler" id="frontEndRedirectLogout"/>-->
|
||||
|
||||
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
|
||||
<!--<property name="filterProcessesUrl" value="/logout"/>-->
|
||||
<!--<constructor-arg index="0" value="/"/>-->
|
||||
<!--<constructor-arg index="1">-->
|
||||
<!--<list>-->
|
||||
<!--<ref bean="securityContextLogoutHandler"/>-->
|
||||
<!--<!–ref bean="myLogoutHandler"/–>-->
|
||||
<!--</list>-->
|
||||
<!--</constructor-arg>-->
|
||||
<!--</bean>-->
|
||||
<!--
|
||||
-
|
||||
- The authentication filter
|
||||
-
|
||||
-->
|
||||
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager" />
|
||||
<property name="issuerService" ref="staticIssuerService" />
|
||||
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
|
||||
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
|
||||
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
|
||||
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
|
||||
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
|
||||
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
Static issuer service, returns the same issuer for every request.
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
|
||||
<property name="issuer" value="${oidc.issuer}" />
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
Dynamic server configuration, fetches the server's information using OIDC Discovery.
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
|
||||
<property name="servers">
|
||||
<map>
|
||||
<entry key="${oidc.issuer}">
|
||||
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
|
||||
<property name="issuer" value="${oidc.issuer}" />
|
||||
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
|
||||
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
|
||||
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
|
||||
<property name="jwksUri" value="${oidc.issuer}jwk" />
|
||||
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
|
||||
</bean>
|
||||
</entry>
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
|
||||
<!--
|
||||
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
|
||||
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
|
||||
<property name="clients">
|
||||
<map>
|
||||
<entry key="${oidc.issuer}">
|
||||
<bean class="org.mitre.oauth2.model.RegisteredClient">
|
||||
<property name="clientId" value="${oidc.id}" />
|
||||
<property name="clientSecret" value="${oidc.secret}" />
|
||||
<property name="scope">
|
||||
<set value-type="java.lang.String">
|
||||
<value>openid</value>
|
||||
</set>
|
||||
</property> xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
|
||||
|
||||
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
|
||||
<property name="redirectUris">
|
||||
<set>
|
||||
<value>${oidc.home}</value>
|
||||
</set>
|
||||
</property>
|
||||
</bean>
|
||||
</entry>
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
-->
|
||||
|
||||
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
|
||||
<property name="clients">
|
||||
<map>
|
||||
<entry key="${oidc.issuer}">
|
||||
<bean class="org.mitre.oauth2.model.RegisteredClient">
|
||||
<property name="clientId" value="${oidc.id}" />
|
||||
<property name="clientSecret" value="${oidc.secret}" />
|
||||
<property name="scope">
|
||||
<set value-type="java.lang.String">
|
||||
<value>openid</value>
|
||||
</set>
|
||||
</property>
|
||||
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
|
||||
<property name="redirectUris">
|
||||
<set>
|
||||
<value>${oidc.home}</value>
|
||||
</set>
|
||||
</property>
|
||||
</bean>
|
||||
</entry>
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
-
|
||||
- Auth request options service: returns the optional components of the request
|
||||
-
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
|
||||
<property name="options">
|
||||
<map>
|
||||
<!-- Entries in this map are sent as key-value parameters to the auth request -->
|
||||
<!--
|
||||
<entry key="display" value="page" />
|
||||
<entry key="max_age" value="30" />
|
||||
<entry key="prompt" value="none" />
|
||||
-->
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
Plain authorization request builder, puts all options as query parameters on the GET request
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
|
||||
|
||||
<context:component-scan base-package="eu.dnetlib.openaire.user.api.services" />
|
||||
<context:component-scan base-package="eu.dnetlib.openaire.usermanagement.registry.beans" />
|
||||
<context:annotation-config></context:annotation-config>
|
||||
|
||||
</beans>
|
|
@ -158,10 +158,6 @@
|
|||
<param-name>cors.exposed.headers</param-name>
|
||||
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Methods</param-value>
|
||||
</init-param>
|
||||
<init-param>
|
||||
<param-name>cors.support.credentials</param-name>
|
||||
<param-value>true</param-value>
|
||||
</init-param>
|
||||
</filter>
|
||||
<filter-mapping>
|
||||
<filter-name>CorsFilter</filter-name>
|
||||
|
|
Loading…
Reference in New Issue