diff --git a/pom.xml b/pom.xml
index 90726fa..06d1fe7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -52,6 +52,16 @@ jstl 1.2 + + javax.servlet + javax.servlet-api + 3.0.1 + + + eu.dnetlib + uoa-user-management + 2.0.0-SNAPSHOT + org.springframework.security spring-security-core
@@ -72,12 +82,6 @@ gson 2.6.2 - - javax.servlet - javax.servlet-api - 3.0.1 - provided - commons-io commons-io
diff --git a/src/main/java/eu/dnetlib/openaire/usermanagement/PersonalTokenServlet.java b/src/main/java/eu/dnetlib/openaire/usermanagement/PersonalTokenServlet.java
new file mode 100644
index 0000000..6eb3569
--- /dev/null
+++ b/src/main/java/eu/dnetlib/openaire/usermanagement/PersonalTokenServlet.java
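Review bot: Removing the `provided` line from the javax.servlet-api dependency in the second hunk while re-adding the same artifact with no scope in the first hunk packages the Servlet API jar into the WAR, where it can shadow the container's own copy and cause class-loading failures at deploy time; the element names were stripped in this rendering, but the removed `provided` value reads as the scope. Keep `<scope>provided</scope>` on the re-added javax.servlet-api entry. The new `eu.dnetlib:uoa-user-management:2.0.0-SNAPSHOT` dependency also makes the build non-reproducible, so a released version should be pinned before this is merged.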
@@ -0,0 +1,33 @@
+package eu.dnetlib.openaire.usermanagement;
+
+import org.mitre.openid.connect.model.OIDCAuthenticationToken;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.context.support.SpringBeanAutowiringSupport;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.Response;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+public class PersonalTokenServlet extends HttpServlet {
+
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ response.setContentType("text/html");
+ PrintWriter printWriter = response.getWriter();
+
+ OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+ System.out.println(authentication);
+
+ request.getSession().setAttribute("accessToken", authentication.getAccessTokenValue());
+ request.getSession().setAttribute("refreshToken", authentication.getRefreshTokenValue());
+ System.out.println("LALALLALLALALALA" + authentication.getAccessTokenValue());
+
+ request.getRequestDispatcher("./personal.jsp").include(request, response);
+ }
+}
diff --git a/src/main/java/eu/dnetlib/openaire/usermanagement/api/Test3Service.java b/src/main/java/eu/dnetlib/openaire/usermanagement/api/Test3Service.java
index 9c52cf7..f24364c 100644
--- a/src/main/java/eu/dnetlib/openaire/usermanagement/api/Test3Service.java
+++ b/src/main/java/eu/dnetlib/openaire/usermanagement/api/Test3Service.java
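Review bot: `System.out.println("LALALLALLALALALA" + authentication.getAccessTokenValue())` and `System.out.println(authentication)` write the user's bearer access token (and, through the token object's toString, possibly the refresh token) to stdout, which ends up in the container log; both lines should be deleted, since no token value should ever be logged. The unchecked cast on the preceding line throws ClassCastException or NullPointerException when the request is not authenticated through OIDC (anonymous token or no authentication), producing a 500 instead of a 401; guard it with `Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (!(auth instanceof OIDCAuthenticationToken)) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }` (needs `org.springframework.security.core.Authentication` imported). The web.xml hunk below maps this servlet at /personalToken, and whether the security filter chain covers that path is not visible in this diff, so this guard is the servlet's own line of defence. Because the page renders both tokens, also add `response.setHeader("Cache-Control", "no-store");` before the include so browser and proxy caches do not retain them. `printWriter` and the `PreAuthorize`, `SpringBeanAutowiringSupport`, `ServletConfig` and `Response` imports are unused.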
@@ -8,7 +8,8 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO;
 import eu.dnetlib.openaire.user.ldap.MUserActionsLDAP;
-import eu.dnetlib.openaire.user.login.utils.AuthoritiesMapper;
+//import eu.dnetlib.openaire.user.login.utils.AuthoritiesMapper;
+import eu.dnetlib.openaire.user.login.authorization.OpenAIREAuthoritiesMapper;
 import eu.dnetlib.openaire.user.pojos.migration.LDAPUser;
 import eu.dnetlib.openaire.user.store.DataSourceConnector;
 import org.apache.commons.io.IOUtils;
@@ -25,6 +26,7 @@ import org.mitre.openid.connect.model.UserInfo;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.*;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -32,10 +34,12 @@ import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.client.DefaultResponseErrorHandler;
 import org.springframework.web.client.RestTemplate;
+import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
@@ -46,6 +50,7 @@ import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import eu.dnetlib.openaire.user.login.utils.AuthoritiesMapper;
 /**
 * Created by sofia on 24/11/2016.
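Review bot: The `AuthoritiesMapper` import is commented out in the first hunk and then re-added verbatim after the `java.util` group in the last hunk, while the newly imported `OpenAIREAuthoritiesMapper` is not referenced by any code visible in this diff. Keep a single import in its sorted place and delete the `//import eu.dnetlib.openaire.user.login.utils.AuthoritiesMapper;` line instead of leaving commented-out code. If `OpenAIREAuthoritiesMapper` is meant to replace the old mapper, the corresponding change in the class body is not part of this commit.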
@@ -56,6 +61,9 @@ public class Test3Service {
 private static final Logger logger = Logger.getLogger(Test3Service.class);
+ public static final String errorMessage = "{ \"status\" : \"error\", \"code\" : \"%s\", \"message\" : \"%s\", \"description\" : \"%s\" }";
+
+
 @Autowired private SQLMigrationUserDAO sqlMigrationUserDAO;
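Review bot: `errorMessage` is filled through `String.format` with unescaped `%s` slots, and the callers in the following hunks (`getAccessTokenFromRefreshToken` and the rewritten catch blocks of `getToken` at `@@ -101,11 +179,16 @@`) pass `uee.getMessage()` / `ioe.getMessage()` as the description, so any quote or backslash in an exception message produces invalid JSON and internal error text is echoed to the client. Build the envelope with the Gson `JsonObject` this file already imports and keep the description to a fixed string; the exception itself is already recorded server-side via `logger.error`. By convention the constant would be `private static final String ERROR_MESSAGE`, though renaming can wait if other classes reference the public field.
```java
    /** Builds the error envelope with Gson so message and description are JSON-escaped. */
    private static String errorJson(int code, String message, String description) {
        JsonObject err = new JsonObject();
        err.addProperty("status", "error");
        err.addProperty("code", String.valueOf(code)); // kept as a string, like the format constant
        err.addProperty("message", message);
        err.addProperty("description", description);
        return err.toString();
    }
```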
@@ -74,6 +82,76 @@ public class Test3Service {
 @Value("${oidc.id}")
 private String id;
+ @GET
+ @PreAuthorize("hasAuthority('ROLE_USER')")
+ @Path("/getRefreshToken")
+ public Response getRefreshToken(){
+ OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+ return Response.status(200).entity(authentication.getRefreshTokenValue()).build();
+ }
+
+ @GET
+ @PreAuthorize("hasAuthority('ROLE_USER')")
+ @Path("/getJWTToken")
+ public Response getAccessToken(){
+ OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+ return Response.status(200).entity(authentication.getAccessTokenValue()).build();
+ }
+
+ @GET
+ @Path("/getAccessToken")
+ @Produces(MediaType.APPLICATION_JSON)
+ public Response getAccessTokenFromRefreshToken(@Context final HttpServletRequest request){
+
+ String header = request.getHeader("Authorization");
+
+ if (header == null || !header.startsWith("Bearer ")) {
+ return Response.status(Response.Status.BAD_REQUEST)
+ .entity(String.format(errorMessage, 400, "No JWT token found in request headers", "No JWT token found in request headers")).build();
+ }
+
+ String refreshToken = header.substring(7);
+ CloseableHttpClient httpclient = HttpClients.createDefault();
+ HttpPost httppost = new HttpPost(issuer+"/token");
+
+ // Request parameters and other properties.
+ List params = new ArrayList();
+ params.add(new BasicNameValuePair("client_id", id));
+ params.add(new BasicNameValuePair("client_secret", secret));
+ params.add(new BasicNameValuePair("grant_type", "refresh_token"));
+ params.add(new BasicNameValuePair("refresh_token", refreshToken));
+ params.add(new BasicNameValuePair("scope", "openid email profile offline_access"));
+
+ HttpResponse response = null;
+
+ try {
+ httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
+ //Execute and get the response.
+
+ response = httpclient.execute(httppost);
+
+ org.apache.http.HttpEntity entity = response.getEntity();
+ logger.debug("entity " + response.getEntity());
+
+ logger.debug("I am here");
+ String serverMessage = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8.name());
+
+ return Response.status(response.getStatusLine().getStatusCode())
+ .entity(serverMessage).type(MediaType.APPLICATION_JSON).build();
+
+ } catch (UnsupportedEncodingException uee) {
+ logger.error(uee);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(String.format(errorMessage, 500, "Fail to get access token.", uee.getMessage()))
+ .type(MediaType.APPLICATION_JSON).build();
+
+ } catch (IOException ioe) {
+ logger.error(ioe);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(String.format(errorMessage, 500, "Fail to get access token.", ioe.getMessage()))
+ .type(MediaType.APPLICATION_JSON).build();
+
+ }
+ }
+
 @GET
 @Path("/getToken")
 @Produces(MediaType.APPLICATION_JSON)
@@ -101,11 +179,16 @@ public class Test3Service {
 }
 }
- } catch (UnsupportedEncodingException e) {
- logger.error(e);
+ } catch (UnsupportedEncodingException uee) {
+ logger.error(uee);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(String.format(errorMessage, 500, "Fail to get access token.", uee.getMessage()))
+ .type(MediaType.APPLICATION_JSON).build();
+
+ } catch (IOException ioe) {
+ logger.error(ioe);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(String.format(errorMessage, 500, "Fail to get access token.", ioe.getMessage()))
+ .type(MediaType.APPLICATION_JSON).build();
- } catch (IOException e) {
- logger.error(e);
 }
 return Response.status(200).type(MediaType.APPLICATION_JSON).build();
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 70ba31a..0a90418 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
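Review bot: In `getAccessTokenFromRefreshToken` the `CloseableHttpClient httpclient = HttpClients.createDefault()` is never closed and the `HttpResponse` is never released, so every call to /getAccessToken leaks a connection pool; put both in try-with-resources (`CloseableHttpResponse` from `org.apache.http.client.methods` needs importing). The body returned to the caller carries freshly issued access and refresh tokens, so the JAX-RS response should carry `Cache-Control: no-store` and `Pragma: no-cache` as RFC 6749 §5.1 requires for token responses. `UnsupportedEncodingException` is an `IOException`, so the two catch blocks collapse into one, `List params = new ArrayList()` is a raw type where `List<NameValuePair>` (`org.apache.http.NameValuePair`) is what `UrlEncodedFormEntity` accepts, and the `logger.debug("entity " + ...)` / `logger.debug("I am here")` lines are leftover debugging. The enclosing class continues outside this hunk, and `getToken`'s body is only partly visible in the next hunk, so I cannot tell whether it has the same leak.
```java
        String refreshToken = header.substring(7);
        HttpPost httppost = new HttpPost(issuer + "/token");
        // … unchanged: form parameters (List<NameValuePair> params) …
        try (CloseableHttpClient httpclient = HttpClients.createDefault()) {
            httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
            try (CloseableHttpResponse response = httpclient.execute(httppost)) {
                String serverMessage = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8.name());
                // RFC 6749 §5.1: responses carrying tokens must not be cached
                return Response.status(response.getStatusLine().getStatusCode())
                        .header("Cache-Control", "no-store").header("Pragma", "no-cache")
                        .entity(serverMessage).type(MediaType.APPLICATION_JSON).build();
            }
        } catch (IOException ioe) { // UnsupportedEncodingException is an IOException
            // … unchanged: logger.error and the 500 error response …
        }
```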
@@ -142,6 +142,17 @@ /verifyToDelete + + PersonalTokenServlet + Activate + eu.dnetlib.openaire.usermanagement.PersonalTokenServlet + 1 + + + + PersonalTokenServlet + /personalToken + CorsFilter
@@ -185,7 +196,7 @@ /* - +
diff --git a/src/main/webapp/personal.jsp b/src/main/webapp/personal.jsp
new file mode 100644
index 0000000..a1e71db
--- /dev/null
+++ b/src/main/webapp/personal.jsp
@@ -0,0 +1,104 @@ + +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> + + + + + + OpenAIRE - Forgot password + + + + + + + + + + + + +
+ + +
+
+ +
+
+ + +
+
+
+
+
+
+
+
+ +
+ +
+ +
+ +

+ Your personal access token is +

${accessToken}
+

+ +

+ Your refresh token is +

${refreshToken}
+

+ +
+

Do not share your personal access token. Send your personal access token only over HTTPS.

+
+ +
+ For further information on how to use the tokens please visit the OpenAIRE API Authentication documentation. +
+
+ +
+
+ +
+
+
+
+
+ + + + + +
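Review bot: `${accessToken}` and `${refreshToken}` are written into the page with raw EL, which does not HTML-escape; the `c` taglib is already declared at the top of the file, so render them as `<c:out value="${accessToken}"/>` and `<c:out value="${refreshToken}"/>` so an unexpected character in a token value cannot break out of the markup. Since the page displays both credentials, it should be served with `<% response.setHeader("Cache-Control", "no-store"); %>` near the top (or the equivalent header set by the servlet that includes it) so the tokens are not retained by browser or proxy caches. The title `OpenAIRE - Forgot password` appears to be copied from another page and should name this one. The "Do not share your personal access token" notice is good; the same caution applies to the refresh token shown just above it, which is the longer-lived credential.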