MERGE redis branch 49864:50863

This commit is contained in:
Katerina Iatropoulou 2018-02-22 13:27:40 +00:00
parent b02517e740
commit 3d9aa16334
15 changed files with 1086 additions and 106 deletions

73
pom.xml
View File

@ -1,9 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>eu.dnetlib</groupId>
<artifactId>dnet45-container-parent</artifactId>
<version>1.0.0</version>
<version>1.0.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>eu.dnetlib</groupId>
@ -11,7 +12,9 @@
<packaging>war</packaging>
<version>1.0.0-SNAPSHOT</version>
<scm>
<developerConnection>scm:svn:https://svn.driver.research-infrastructures.eu/driver/dnet40/modules/dnet-openaire-users/trunk</developerConnection>
<developerConnection>
scm:svn:https://svn.driver.research-infrastructures.eu/driver/dnet40/modules/dnet-openaire-users/branches/redis
</developerConnection>
</scm>
<dependencies>
<dependency>
@ -19,6 +22,16 @@
<artifactId>uoa-user-management</artifactId>
<version>[2.0.0-SNAPSHOT, 3.0.0)</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.5</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.5</version>
</dependency>
<dependency>
<groupId>eu.dnetlib</groupId>
<artifactId>dnet-runtime</artifactId>
@ -44,7 +57,59 @@
<artifactId>uoa-user-management</artifactId>
<version>2.0.0-SNAPSHOT</version>
</dependency>
</dependencies>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.2.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.1.RELEASE</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.6.2</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.mitre</groupId>
<artifactId>openid-connect-client</artifactId>
<version>1.3.0</version>
</dependency>
<!-- About redis -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
<version>1.3.1.RELEASE</version>
<type>pom</type>
</dependency>
<dependency>
<groupId>biz.paluch.redis</groupId>
<artifactId>lettuce</artifactId>
<version>3.5.0.Final</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>4.3.4.RELEASE</version>
</dependency>
</dependencies>
</project>

View File

@ -0,0 +1,270 @@
package eu.dnetlib.openaire.usermanagement.api;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.unboundid.ldap.sdk.LDAPException;
import eu.dnetlib.openaire.user.LDAPUser;
import eu.dnetlib.openaire.user.MigrationUser;
import eu.dnetlib.openaire.user.Role;
import eu.dnetlib.openaire.user.dao.RoleDAO;
import eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO;
import eu.dnetlib.openaire.user.ldap.MUserActionsLDAP;
import eu.dnetlib.openaire.user.store.DataSourceConnector;
import eu.dnetlib.openaire.usermanagement.security.JWTGenerator;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.*;
import org.springframework.http.HttpMethod;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.sql.SQLException;
/**
* Created by sofia on 24/11/2016.
*/
@Component(value = "test3service")
@Path("/users")
public class Test3Service {
private static final Logger logger = Logger.getLogger(Test3Service.class);
@Autowired
private SQLMigrationUserDAO sqlMigrationUserDAO;
@Autowired
private MUserActionsLDAP mUserActionsLDAP;
@Autowired
private DataSourceConnector dataSourceConnector;
@GET
@Path("/{userId}")
@Produces(MediaType.APPLICATION_JSON)
public Response getUserById(@PathParam("userId") int userId) {
try {
MigrationUser mUser = sqlMigrationUserDAO.fetchById(userId);
// Invalide user ID
if (mUser == null) {
String errorMessageJson = compose404Message("Cannot find user with id " + userId + ".");
return Response
.status(Response.Status.NOT_FOUND)
.entity(errorMessageJson)
.type(MediaType.APPLICATION_JSON)
.build();
}
return Response.status(200).entity(composeDataResponse(mUser)).build();
}
catch (SQLException e) {
return Response
.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(compose500Message("Fail to fetch users.", e))
.type(MediaType.APPLICATION_JSON)
.build();
}
}
/* How to check @browser ../authenticate/?username=MY_USERNAME&password=MY_PASSWORD
* http://localhost:8080/uoa-user-management-1.0.0-SNAPSHOT/api/users/authenticate?username=sba&password=12345678
@GET
@Path("/authenticate")
@Produces(MediaType.APPLICATION_JSON)
public Response authenticateUserGET(@QueryParam("username") String username, @QueryParam("password") String password)
{
return commonAuthenticateFunction(username, password);
}*/
@POST
@Path("/authenticates")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public Response authenticateUserPOST(String input) {
JsonObject jsonObject = new JsonParser().parse(input).getAsJsonObject();
String username = jsonObject.get("username").getAsString();
String password = jsonObject.get("password").getAsString();
return commonAuthenticateFunction(username, password);
}
private Response commonAuthenticateFunction(String username, String password)
{
try {
boolean usernameExists = mUserActionsLDAP.usernameExists(username);
// if user was not found
if (!usernameExists) {
String errorMessageJson = compose401Message("Wrong credentials.");
return Response
.status(Response.Status.UNAUTHORIZED)
.entity(errorMessageJson)
.type(MediaType.APPLICATION_JSON)
.build();
}
boolean authenticated = mUserActionsLDAP.authenticate(username, password);
// if user was not authenticated
if (!authenticated) {
return Response
.status(Response.Status.UNAUTHORIZED)
.entity(compose401Message("User " + username + " could not be authenticated."))
.type(MediaType.APPLICATION_JSON)
.build();
}
MigrationUser mUser = sqlMigrationUserDAO.fetchByUsername(username);
// if user was not found in my db
LDAPUser ldapUser = null;
if (mUser == null) {
mUser = new MigrationUser(username);
ldapUser = mUserActionsLDAP.getUser(username);
mUser.setFullname(ldapUser.getDisplayName());
mUser.setEmail(ldapUser.getEmail());
mUser.setRoleId(2);
sqlMigrationUserDAO.insert(mUser);
}
return Response.status(200).entity(composeDataResponse(mUser)).type(MediaType.APPLICATION_JSON).build();
} catch (LDAPException exc) {
logger.error("Fail to connect to LDAP. ", exc);
return Response
.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(compose500Message("LDAP error.", exc))
.type(MediaType.APPLICATION_JSON)
.build();
} catch (SQLException exc) {
logger.error("Fail to fetch users. ", exc);
return Response
.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(compose500Message("Fail to fetch users.", exc))
.type(MediaType.APPLICATION_JSON)
.build();
}
}
@GET
@Path("/changeRole")
@Produces(MediaType.APPLICATION_JSON)
public Response changeRole(@QueryParam("roleId") int roleId, @QueryParam("userId") int userId)
{
RoleDAO roleDAO = new RoleDAO();
try
{
Role role = roleDAO.fetchById(roleId);
if (role == null)
{
//fetch all roleids TODO
String errorMessageJson = compose404Message("Cannot find role with id" + roleId + ".");
return Response
.status(Response.Status.NOT_FOUND)
.entity(errorMessageJson)
.type(MediaType.APPLICATION_JSON)
.build();
}
MigrationUser mUser = sqlMigrationUserDAO.fetchById(userId);
if (mUser == null)
{
String errorMessageJson = compose404Message("Cannot find user with id " + userId + ".");
return Response
.status(Response.Status.NOT_FOUND)
.entity(errorMessageJson)
.type(MediaType.APPLICATION_JSON)
.build();
}
mUser.setRoleId(roleId);
sqlMigrationUserDAO.update(mUser);
return Response.status(200).entity(composeDataResponse(mUser)).build();
}
catch (SQLException exc)
{
return Response
.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(compose500Message("Fail to fetch users.", exc))
.type(MediaType.APPLICATION_JSON)
.build();
}
}
@GET
@Path("/getUserInfo")
@Produces(MediaType.APPLICATION_JSON)
public Response getUserInfo(@QueryParam("accessToken") String accessToken) throws JsonProcessingException {
//return Response.status(404).entity(compose404Message("This is a test message.")).type(MediaType.APPLICATION_JSON).build();
// call aai with accessToken
RestTemplate restTemplate = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.add("Authorization","Bearer " + accessToken);
HttpEntity request = new HttpEntity(null, headers);
String fooResourceUrl = "https://aai.openminted.eu/oidc/userinfo";
logger.info(restTemplate.exchange(fooResourceUrl, HttpMethod.GET, request, Object.class));
ResponseEntity response1 = restTemplate.exchange(fooResourceUrl, HttpMethod.GET, request, Object.class);
logger.info(response1.getBody().toString());
ObjectMapper mapper = new ObjectMapper();
return Response.status(response1.getStatusCode().value()).entity(mapper.writeValueAsString(response1.getBody())).type(MediaType.APPLICATION_JSON).build();
}
/* JSON Utility Methods */
private String compose401Message(String message) {
return "{ \"status\" : \"error\", \"code\" : \"401\", \"message\" : \" " + message +" \" }";
}
private String compose404Message(String message) {
return "{ \"status\" : \"error\", \"code\" : \"404\", \"message\" : \" " + message +" \" }";
}
private String compose500Message(String message, Exception exception) {
return "{ \"status\" : \"fail\", \"code\" : \"500\", \"message\" : \" " + message + "\", " +
"\"description\" : \""+ exception.getMessage() +"\" }";
}
private String composeDataResponse(UserInfo user) {
return "{ \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : \"" + JWTGenerator.generateToken(user, "my-very-secret") + "\" }";
}
private String composeDataResponse(MigrationUser user) {
//return "{ \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(user) + " }";
return "{ \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : \"" + JWTGenerator.generateToken(user, "my-very-secret") + "\" }";
}
private String composeDataResponse(LDAPUser user) {
return " { \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(user) + " }";
}
// private String composeDataResponse(String username) {
// return " { \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(username) + " }";
// }
private String composeDataResponse(String fullname) {
return " { \"status\" : \"success\", \"code\": \"200\", " + "\"data\" : " + new Gson().toJson(fullname) + " }";
}
}

View File

@ -0,0 +1,47 @@
package eu.dnetlib.openaire.usermanagement.registry.beans;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;
/**
* Created by stefanos on 14/6/2017.
*/
@Configuration
@EnableRedisHttpSession
public class Config {
private static Logger logger = Logger.getLogger(Config.class);
@Value("${redis.host:localhost}")
private String host;
@Value("${redis.port:6379}")
private String port;
@Value("${redis.password:#{null}}")
private String password;
@Bean
public LettuceConnectionFactory connectionFactory() {
logger.info(String.format("Redis connection listens to %s:%s",host,port));
LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));
if(password != null) factory.setPassword(password);
return factory;
}
@Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setCookieName("SESSION"); // <1>
serializer.setCookiePath("/"); // <2>
serializer.setDomainNamePattern("");
return serializer;
}
}

View File

@ -0,0 +1,87 @@
package eu.dnetlib.openaire.usermanagement.security;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* Created by stefanos on 9/5/2017.
*/
public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
private static final Logger logger = Logger.getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class);
private String frontEndURI;
private String frontPath;
private String frontDomain;
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IllegalArgumentException, IOException {
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
try {
Cookie jwt = new Cookie("XCsrfToken", JWTGenerator.generateToken(authOIDC, "my-very-secret"));
Cookie accessToken = new Cookie("AccessToken", authOIDC.getAccessTokenValue());
// Expire the cookies in four hours (4 * 3600)
jwt.setMaxAge(14400);
accessToken.setMaxAge(14400);
//TODO DELETE LOG
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
logger.info("access token: " + authOIDC.getAccessTokenValue());
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
jwt.setPath(frontPath);
if (frontDomain!=null) jwt.setDomain(frontDomain);
accessToken.setPath(frontPath);
if (frontDomain!=null) accessToken.setDomain(frontDomain);
response.addCookie(jwt);
response.addCookie(accessToken);
response.sendRedirect(frontEndURI);
} catch (IOException e) {
logger.error("IOException in redirection ", e);
throw new IOException(e);
}catch (IllegalArgumentException e) {
logger.error("IllegalArgumentException in redirection ", e);
throw new IllegalArgumentException(e);
}
}
public String getFrontEndURI() {
return frontEndURI;
}
public void setFrontEndURI(String frontEndURI) {
this.frontEndURI = frontEndURI;
}
public String getFrontPath() {
return frontPath;
}
public void setFrontPath(String frontPath) {
this.frontPath = frontPath;
}
public String getFrontDomain() {
return frontDomain;
}
public void setFrontDomain(String frontDomain) {
this.frontDomain = frontDomain;
}
}

View File

@ -0,0 +1,177 @@
package eu.dnetlib.openaire.usermanagement.security;
import com.google.gson.JsonObject;
import eu.dnetlib.openaire.user.MigrationUser;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.mitre.openid.connect.model.UserInfo;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.text.ParseException;
import java.util.Date;
public class JWTGenerator {
private static final Logger logger = Logger.getLogger(JWTGenerator.class);
public static String generateToken(MigrationUser u, String secret) {
Claims claims = Jwts.claims().setSubject(u.getUsername());
claims.put("fullname", u.getFullname() + "");
claims.put("userId", u.getId() + "");
claims.put("email", u.getEmail() + "");
claims.put("role", u.getRoleId());
//expiration
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);
long ttlMillis = 1800000;
long expMillis = nowMillis + ttlMillis;
Date exp = new Date(expMillis);
return Jwts.builder()
.setClaims(claims)
.setExpiration(exp)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
}
public static String generateToken(OIDCAuthenticationToken authOIDC, String secret) {
try {
JsonObject userInfo = authOIDC.getUserInfo().getSource();
Claims claims = Jwts.claims().setSubject(authOIDC.getUserInfo().getSub());
claims.put("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8") + "");
if (authOIDC.getUserInfo().getGivenName() == null){
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
claims.put("firstname", URLEncoder.encode(" ", "UTF-8") + "");
} else {
claims.put("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");
}
if (authOIDC.getUserInfo().getFamilyName() == null){
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
claims.put("lastname", URLEncoder.encode(" ", "UTF-8") + "");
} else {
claims.put("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");
}
claims.put("email", authOIDC.getUserInfo().getEmail() + "");
// claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
//
// if (userInfo.getAsJsonArray("eduPersonScopedAffiliation").toString() != null) {
// claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + "");
// }
if (userInfo.getAsJsonArray("edu_person_entitlements") == null){
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role");
claims.put("role", URLEncoder.encode(" ", "UTF-8") + "");
} else {
claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
}
//TODO remove, We don't need it but if we are going to use it, we need to check if the user has affiliation
//claims.put("edu_person_scoped_affiliations", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + "");
//TODO remove
//TODO THIS IS TEST
// claims.put("fullname", URLEncoder.encode("Σοφία Μπαλτζή", "UTF-8") + "");
// claims.put("firstname", URLEncoder.encode("Σοφία", "UTF-8") + "");
// claims.put("lastname", URLEncoder.encode("Μπαλτζή", "UTF-8") + "");
// claims.put("email", "sofie.mpl@gmail.com" + "");
// claims.put("edu_person_scoped_affiliations", "faculty");
Date exp = new Date(authOIDC.getIdToken().getJWTClaimsSet().getExpirationTime().getTime());
//TODO DELETE LOGS
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
// logger.info("fullName: " + authOIDC.getUserInfo().getName());
// logger.info("firstName: " + authOIDC.getUserInfo().getGivenName());
// logger.info("lastName: " + authOIDC.getUserInfo().getFamilyName());
// logger.info("email: " + authOIDC.getUserInfo().getEmail());
// //logger.info("Check everything");
// logger.info("locale: " + authOIDC.getUserInfo().getSource());
// logger.info("role: " + userInfo.getAsJsonArray("edu_person_entitlements").toString());
// //logger.info("affiliation: " + userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString());
// logger.info("expirationTime: " + exp);
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
return Jwts.builder()
.setClaims(claims)
.setExpiration(exp)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
} catch (ParseException e) {
e.printStackTrace();
logger.error("JWT Parse Exception from getting Expiration Time ", e);
return "error";
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
logger.error("UnsupportedEncodingException UTF-8 ", e);
return "error";
}
}
//TODO DELETE IF IT IS NOT NECESSARY
public static String generateAccessToken(OIDCAuthenticationToken authOIDC, String secret) {
Claims claims = Jwts.claims().setId(authOIDC.getAccessTokenValue());
//TODO DELETE LOGS
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
logger.info("access token: " + authOIDC.getAccessTokenValue());
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
return Jwts.builder()
.setClaims(claims)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
}
public static String generateToken(UserInfo user, String secret) {
try {
JsonObject userInfo = user.getSource();
Claims claims = Jwts.claims().setSubject(user.getSub());
claims.put("email", user.getEmail() + "");
claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
return Jwts.builder()
.setClaims(claims)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
logger.error("UnsupportedEncodingException UTF-8 ", e);
return "error";
}
}
}
// How to add it manually
// long nowMillis = System.currentTimeMillis();
// //This is my token
// try {
// String jwt = Jwts.builder()
// .setSubject("Argiro")
// .setExpiration(new Date(nowMillis+1800000))
// .claim("fullname", "Argiro Kokogianaki")
// .claim("id", "8")
// .claim("email", "argiro@gmail.com")
// .claim("role","2")
// .signWith(
// SignatureAlgorithm.HS512,
// "my-very-secret".getBytes("UTF-8")
// )
// .compact();

View File

@ -0,0 +1,5 @@
redis.host = 127.0.0.1
#redis.port = 6379
#redis.password

View File

@ -0,0 +1,7 @@
oidc.secret = U_gLOupYu2trYIOwfxGgZkkZoOHG_zGfaViOUsXcZ7qVQuF1rcJeQYKIDX1TY3z27CIoHaqq9ht2rmAiUmBRYQ
oidc.id = 24e83176-1312-4ba3-bc0b-ffeebea1603e
oidc.issuer = https://aai.openminted.eu/oidc/
oidc.home = http://rudie.di.uoa.gr:8080/dnet-openaire-users-1.0.0-SNAPSHOT/openid_connect_login
webbapp.front = http://scoobydoo.di.uoa.gr:5000/reload
webbapp.front.path = /
webbapp.front.domain = .di.uoa.gr

View File

@ -8,8 +8,16 @@
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.2.xsd">
<context:component-scan base-package="eu.dnetlib.openaire.usermanagement.registry.beans"/>
<context:annotation-config />
<import resource="classpath*:/eu/dnetlib/openaire/user/springContext-userManagementService.xml" />
<!--<bean id="webexpressionHandler"-->
<!--class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>-->
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="order" value="2" />
<property name="ignoreUnresolvablePlaceholders" value="true" />
@ -25,13 +33,12 @@
<value>classpath*:/eu/**/applicationContext*.properties</value>
<value>classpath*:/eu/dnetlib/applicationContext-defaultProperties.properties</value>
<value>classpath*:/eu/**/springContext-userManagementService.properties</value>
<value>classpath*:/eu/**/springContext-dnetOpenaireUsersService.properties</value>
<value>classpath*:/eu/**/redis.properties</value>
<value>classpath*:/uoa-override.properties</value>
<value>classpath*:/dnet-override.properties</value>
</list>
</property>
</bean>
<context:annotation-config />
</beans>

View File

@ -1,6 +0,0 @@
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
</beans>

View File

@ -1,34 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- Stateless RESTful services use BASIC authentication -->
<!--<security:http create-session="stateless" pattern="/rest/**">
<security:intercept-url pattern="/**" access="ROLE_REST"/>
<security:http-basic/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="rest" password="rest" authorities="ROLE_REST"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
-->
<!--
<authentication-manager alias="authenticationManager">
<authentication-provider ref="jwtAuthenticationProvider" /> (8)
</authentication-manager>
-->
</beans:beans>

View File

@ -0,0 +1,250 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd"
default-autowire="byName"> -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd"
default-autowire="byType">
<!--<bean id="dataSourceConnector" class="eu.dnetlib.openaire.user.store.DataSourceConnector" init-method="init" autowire="byName">-->
<!--<property name="username" value="${openaire.users.db.username}"/>-->
<!--<property name="password" value="${openaire.users.db.password}"/>-->
<!--<property name="dbUrl" value="${openaire.users.db.url}" />-->
<!--<property name="driver" value="${openaire.users.db.driverClassName}" />-->
<!--</bean>-->
<!--<bean id="sqlMigrationUserDAO" class="eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO" autowire="byName"/>-->
<!--<bean id="userVerificationDAO" class="eu.dnetlib.openaire.user.dao.UserVerificationDAO">-->
<!--<property name="dataSourceConnector" ref="dataSourceConnector"/>-->
<!--</bean>-->
<!--<bean id="verificationActions" class="eu.dnetlib.openaire.user.utils.VerificationActions">-->
<!--<property name="dataSourceConnector" ref="dataSourceConnector"/>-->
<!--</bean>-->
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
<security:http auto-config="false" use-expressions="true"
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
pattern="/**">
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
<security:logout logout-url="/openid_logout" invalidate-session="true"/>
</security:http>
<bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/>
<bean id="webexpressionHandler"
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
</security:authentication-manager>
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
<property name="authoritiesMapper">
<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
<property name="admins" ref="namedAdmins" />
</bean>
</property>
</bean>
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
<!--
This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER.
Note that having an administrator role on the IdP doesn't grant administrator access on this client.
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
-->
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
<constructor-arg name="subject" value="subject_value" />
<constructor-arg name="issuer" value="${oidc.issuer}" />
</bean>
</util:set>
<bean class="eu.dnetlib.openaire.usermanagement.security.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
<property name="frontEndURI" value="${webbapp.front}"/>
<property name="frontPath" value="${webbapp.front.path}"/>
<property name="frontDomain" value="${webbapp.front.domain:#{null}}"/>
</bean>
<!--<bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>-->
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
<!--<property name="filterProcessesUrl" value="/logout"/>-->
<!--<constructor-arg index="0" value="/"/>-->
<!--<constructor-arg index="1">-->
<!--<list>-->
<!--<ref bean="securityContextLogoutHandler"/>-->
<!--&lt;!&ndash;ref bean="myLogoutHandler"/&ndash;&gt;-->
<!--</list>-->
<!--</constructor-arg>-->
<!--</bean>-->
<!--<bean class="eu.dnetlib.openaire.user.security.FrontEndLinkURILogoutSuccessHandler" id="frontEndRedirectLogout"/>-->
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
<!--<property name="filterProcessesUrl" value="/logout"/>-->
<!--<constructor-arg index="0" value="/"/>-->
<!--<constructor-arg index="1">-->
<!--<list>-->
<!--<ref bean="securityContextLogoutHandler"/>-->
<!--&lt;!&ndash;ref bean="myLogoutHandler"/&ndash;&gt;-->
<!--</list>-->
<!--</constructor-arg>-->
<!--</bean>-->
<!--
-
- The authentication filter
-
-->
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="issuerService" ref="staticIssuerService" />
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
</bean>
<!--
Static issuer service, returns the same issuer for every request.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
<property name="issuer" value="${oidc.issuer}" />
</bean>
<!--
Dynamic server configuration, fetches the server's information using OIDC Discovery.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
<property name="servers">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
<property name="issuer" value="${oidc.issuer}" />
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
<property name="jwksUri" value="${oidc.issuer}jwk" />
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
</bean>
</entry>
</map>
</property>
</bean>
<!--
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
<property name="clients">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="${oidc.id}" />
<property name="clientSecret" value="${oidc.secret}" />
<property name="scope">
<set value-type="java.lang.String">
<value>openid</value>
</set>
</property> xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
<property name="redirectUris">
<set>
<value>${oidc.home}</value>
</set>
</property>
</bean>
</entry>
</map>
</property>
</bean>
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
<property name="clients">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="${oidc.id}" />
<property name="clientSecret" value="${oidc.secret}" />
<property name="scope">
<set value-type="java.lang.String">
<value>openid</value>
</set>
</property>
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
<property name="redirectUris">
<set>
<value>${oidc.home}</value>
</set>
</property>
</bean>
</entry>
</map>
</property>
</bean>
<!--
-
- Auth request options service: returns the optional components of the request
-
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
<property name="options">
<map>
<!-- Entries in this map are sent as key-value parameters to the auth request -->
<!--
<entry key="display" value="page" />
<entry key="max_age" value="30" />
<entry key="prompt" value="none" />
-->
</map>
</property>
</bean>
<!--
Plain authorization request builder, puts all options as query parameters on the GET request
-->
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
<context:component-scan base-package="eu.dnetlib.openaire.user.api.services" />
<context:component-scan base-package="eu.dnetlib.openaire.usermanagement.registry.beans" />
<context:annotation-config></context:annotation-config>
</beans>

View File

@ -2,15 +2,11 @@
<web-app>
<display-name>uoa-user-management</display-name>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>uoa-user-management</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/security-context.xml
/WEB-INF/springContext-dnetOpenaireUsersService.xml
</param-value>
</context-param>
<context-param>
@ -63,17 +59,17 @@
<url-pattern>/register</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Register2Servlet</servlet-name>
<display-name>Register2</display-name>
<servlet-class>eu.dnetlib.openaire.usermanagement.Register2Servlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!--<servlet>-->
<!--<servlet-name>Register2Servlet</servlet-name>-->
<!--<display-name>Register2</display-name>-->
<!--<servlet-class>eu.dnetlib.openaire.usermanagement.Register2Servlet</servlet-class>-->
<!--<load-on-startup>1</load-on-startup>-->
<!--</servlet>-->
<servlet-mapping>
<servlet-name>Register2Servlet</servlet-name>
<url-pattern>/register2</url-pattern>
</servlet-mapping>
<!--<servlet-mapping>-->
<!--<servlet-name>Register2Servlet</servlet-name>-->
<!--<url-pattern>/register2</url-pattern>-->
<!--</servlet-mapping>-->
<servlet>
<servlet-name>VerificationCodeServlet</servlet-name>
@ -150,6 +146,17 @@
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSessionRepositoryFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSessionRepositoryFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
@ -160,4 +167,14 @@
<url-pattern>/*</url-pattern>
</filter-mapping>
<error-page>
<error-code>500</error-code>
<location>/error.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/error404.jsp</location>
</error-page>
</web-app>

View File

@ -45,7 +45,7 @@
<%--<div class="uk-text-meta uk-margin-large-bottom">Use the same credentials for all our services</div>--%>
<div class="tm-main uk-width-1-1@s uk-width-1-1@m uk-width-1-1@l uk-row-first uk-first-column">
<div class="uk-width-1-1">
<h3 class="uk-h3 uk-text-danger">Oops! Something went wrong</h3>
<h3 class="uk-h3 uk-text-danger">Oops! Something went wrong!</h3>
<div class="middle-box loginscreen animated fadeInDown uk-text-left ">
<p>Something went wrong. Please try again later or contact OpenAIRE <a href="https://www.openaire.eu/support/helpdesk">helpdesk</a>. We apologize for the inconvenience.</p>
</div>
@ -56,17 +56,28 @@
</div>
<!-- CONTENT ENDS HERE -->
<!-- FOOTER STARTS HERE-->
<div class="custom-footer">
<div class="uk-section-primary uk-section uk-section-small uk-padding-remove-bottom">
<div class="custom-footer" style="z-index: 200;">
<div class="uk-section-primary uk-section uk-section-small">
<div class="uk-container">
<div class="uk-grid-margin uk-grid uk-grid-stack" uk-grid="">
<div class="uk-width-expand@m uk-light uk-first-column">
FOOTER???
<div class="uk-width-1-1@m uk-first-column">
<div class="uk-margin uk-margin-remove-top uk-margin-remove-bottom uk-text-center">
<img alt="OpenAIRE" class="el-image" src="./images/Logo_Horizontal_white_small.png">
</div>
<div class="footer-license uk-margin uk-margin-remove-bottom uk-text-center uk-text-lead">
<div><a href="http://creativecommons.org/licenses/by/4.0/" target="_blank" rel="license"><img alt="Creative" src="./images/80x15.png" style="height: auto; max-width: 100%; vertical-align: middle;"></a>&nbsp;UNLESS OTHERWISE INDICATED, ALL MATERIALS CREATED BY THE OPENAIRE CONSORTIUM ARE LICENSED UNDER A&nbsp;<a href="http://creativecommons.org/licenses/by/4.0/" rel="license">CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE</a>.</div>
<div>OPENAIRE IS POWERED BY&nbsp;<a href="http://www.d-net.research-infrastructures.eu/">D-NET</a>.</div>
</div>
<div class="uk-margin uk-margin-remove-top uk-margin-remove-bottom uk-text-right">
<a class="uk-totop uk-icon" href="#" uk-scroll="" uk-totop="">
</a>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- FOOTER ENDS HERE -->
</div>
</body>
</html>

View File

@ -0,0 +1,76 @@
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<!DOCTYPE html>
<html lang="en-gb" dir="ltr" vocab="http://schema.org/">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<base href=".">
<title>OpenAIRE Single Sign-On Service</title>
<script src="./js/jquery.js"></script>
<script src="./js/uikit.js"></script>
<script src="./js/validation.js"></script>
<link rel="stylesheet" style="text/css" href="./css/theme.css">
<link rel="stylesheet" style="text/css" href="./css/custom.css">
<link rel="stylesheet" style="text/css" href="./css/aai-custom.css">
</head>
<body class="" style="">
<div class="uk-offcanvas-content uk-height-viewport">
<div class="tm-header tm-header-transparent">
<div class="uk-container uk-container-expand">
<nav class="uk-navbar" uk-navbar="{&quot;align&quot;:&quot;left&quot;}">
<div class="uk-navbar-center">
<div class="uk-logo uk-navbar-item">
<img alt="OpenAIRE" class="uk-responsive-height" src="./images/Logo_Horizontal.png">
</div>
</div>
</nav>
</div>
</div>
<!-- CONTENT STARTS HERE -->
<div class="first_page_section uk-section-default uk-section uk-padding-remove-vertical">
<div class="first_page_banner_headline uk-grid-collapse uk-flex-middle uk-margin-remove-vertical uk-grid">
</div>
</div>
<div class=" uk-section uk-margin-small-top tm-middle custom-main-content" id="tm-main">
<div class="uk-container uk-container-small uk-margin-medium-top uk-margin-small-bottom uk-text-center">
<%--<h2 class="uk-h2 uk-margin-small-bottom">Welcome to our Single Sign-On service</h2>--%>
<%--<div class="uk-text-meta uk-margin-large-bottom">Use the same credentials for all our services</div>--%>
<div class="tm-main uk-width-1-1@s uk-width-1-1@m uk-width-1-1@l uk-row-first uk-first-column">
<div class="uk-width-1-1">
<h3 class="uk-h3 uk-text-danger">404 - Oops! Something went wrong!</h3>
<div class="middle-box loginscreen animated fadeInDown uk-text-left ">
<p>404 Error! The requested page is not found.</p>
</div>
</div>
</div>
</div>
</div>
<!-- CONTENT ENDS HERE -->
<!-- FOOTER STARTS HERE-->
<div class="custom-footer" style="z-index: 200;">
<div class="uk-section-primary uk-section uk-section-small">
<div class="uk-container">
<div class="uk-grid-margin uk-grid uk-grid-stack" uk-grid="">
<div class="uk-width-1-1@m uk-first-column">
<div class="uk-margin uk-margin-remove-top uk-margin-remove-bottom uk-text-center">
<img alt="OpenAIRE" class="el-image" src="./images/Logo_Horizontal_white_small.png">
</div>
<div class="footer-license uk-margin uk-margin-remove-bottom uk-text-center uk-text-lead">
<div><a href="http://creativecommons.org/licenses/by/4.0/" target="_blank" rel="license"><img alt="Creative" src="./images/80x15.png" style="height: auto; max-width: 100%; vertical-align: middle;"></a>&nbsp;UNLESS OTHERWISE INDICATED, ALL MATERIALS CREATED BY THE OPENAIRE CONSORTIUM ARE LICENSED UNDER A&nbsp;<a href="http://creativecommons.org/licenses/by/4.0/" rel="license">CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE</a>.</div>
<div>OPENAIRE IS POWERED BY&nbsp;<a href="http://www.d-net.research-infrastructures.eu/">D-NET</a>.</div>
</div>
<div class="uk-margin uk-margin-remove-top uk-margin-remove-bottom uk-text-right">
<a class="uk-totop uk-icon" href="#" uk-scroll="" uk-totop="">
</a>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- FOOTER ENDS HERE -->
</div>
</body>
</html>

View File

@ -1,5 +1,6 @@
<html>
<body>
<h2>Hello World!</h2>
<h4>${pageContext.session.id}</h4>
</body>
</html>