securing edit delete
This commit is contained in:
parent
ccb0ca193e
commit
46af960f38
|
@ -1,6 +1,7 @@
|
|||
package eu.dnetlib.openaire.usermanagement;
|
||||
|
||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
@ -19,6 +20,7 @@ public class OverviewServlet extends HttpServlet {
|
|||
|
||||
if (isAuthenticated) {
|
||||
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
StringBuilder name = new StringBuilder().append(authentication.getUserInfo().getGivenName().charAt(0));
|
||||
name.append(authentication.getUserInfo().getFamilyName().charAt(0));
|
||||
request.getSession().setAttribute("authenticated", isAuthenticated);
|
||||
|
|
|
@ -195,7 +195,9 @@ public class RegisterServiceServlet extends HttpServlet {
|
|||
|
||||
if (mode.equals("create")) {
|
||||
//Careful! Redirects in method
|
||||
checkNumberOfRegisteredServices(request, response, authentication);
|
||||
if (!checkNumberOfRegisteredServices(request, response, authentication)) {
|
||||
return;
|
||||
}
|
||||
String serverRequestJSON = null;
|
||||
if(keyType == null) {
|
||||
serverRequestJSON = createServiceJson(null, name, email);
|
||||
|
@ -223,7 +225,7 @@ public class RegisterServiceServlet extends HttpServlet {
|
|||
if(registeredService.getKeyType() != null) {
|
||||
request.getSession().setAttribute("success",
|
||||
"Your service has been successfully registered!<br>" +
|
||||
"<b>Client ID<b>: " + serviceResponse.getClientId());
|
||||
"<b>Client ID</b>: " + serviceResponse.getClientId());
|
||||
} else {
|
||||
request.getSession().setAttribute("success",
|
||||
"Your service has been successfully registered!<br>" +
|
||||
|
@ -256,61 +258,63 @@ public class RegisterServiceServlet extends HttpServlet {
|
|||
if (!registeredServicesUtils.isAuthorized(authentication.getSub(), serviceIdInt)) {
|
||||
request.getSession().setAttribute("message", "You have no permission to edit the service.");
|
||||
response.sendRedirect("./registeredServices");
|
||||
}
|
||||
|
||||
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(serviceIdInt);
|
||||
if (registeredService != null && registeredService.getClientId() != null) {
|
||||
String serverRequestJSON = null;
|
||||
if (keyType == null) {
|
||||
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email);
|
||||
} else if (keyType.equals("uri")) {
|
||||
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwksUri);
|
||||
} else if (keyType.equals("value")) {
|
||||
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwks);
|
||||
}
|
||||
if (serverRequestJSON != null) {
|
||||
System.out.println("SERVER JSON " + serverRequestJSON);
|
||||
HttpResponse resp = tokenUtils.updateService(registeredService.getClientId(), serverRequestJSON, registeredService.getRegistrationAccessToken());
|
||||
if (resp.getStatusLine().getStatusCode() == 200) {
|
||||
System.out.println("NAME >>>>" + name);
|
||||
registeredService.setName(name);
|
||||
} else {
|
||||
|
||||
System.out.println("Client Id " + registeredService.getClientId());
|
||||
try {
|
||||
registeredServicesUtils.getRegisteredServiceDao().update(registeredService);
|
||||
} catch (SQLException sqle) {
|
||||
logger.error("Unable to contact db.", sqle);
|
||||
request.getSession().setAttribute("message", "Fail to delete the service. Please try again later.");
|
||||
response.setContentType("text/html");
|
||||
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
|
||||
return;
|
||||
}
|
||||
request.getSession().setAttribute("success",
|
||||
"Your service has been successfully updated!<br>" +
|
||||
"<b>Client ID</b>: " + registeredService.getClientId());
|
||||
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(serviceIdInt);
|
||||
if (registeredService != null && registeredService.getClientId() != null) {
|
||||
String serverRequestJSON = null;
|
||||
if (keyType == null) {
|
||||
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email);
|
||||
} else if (keyType.equals("uri")) {
|
||||
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwksUri);
|
||||
} else if (keyType.equals("value")) {
|
||||
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwks);
|
||||
}
|
||||
if (serverRequestJSON != null) {
|
||||
System.out.println("SERVER JSON " + serverRequestJSON);
|
||||
HttpResponse resp = tokenUtils.updateService(registeredService.getClientId(), serverRequestJSON, registeredService.getRegistrationAccessToken());
|
||||
if (resp.getStatusLine().getStatusCode() == 200) {
|
||||
System.out.println("NAME >>>>" + name);
|
||||
registeredService.setName(name);
|
||||
|
||||
System.out.println("Client Id " + registeredService.getClientId());
|
||||
try {
|
||||
registeredServicesUtils.getRegisteredServiceDao().update(registeredService);
|
||||
} catch (SQLException sqle) {
|
||||
logger.error("Unable to contact db.", sqle);
|
||||
request.getSession().setAttribute("message", "Fail to delete the service. Please try again later.");
|
||||
response.setContentType("text/html");
|
||||
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
|
||||
return;
|
||||
}
|
||||
request.getSession().setAttribute("success",
|
||||
"Your service has been successfully updated!<br>" +
|
||||
"<b>Client ID</b>: " + registeredService.getClientId());
|
||||
}
|
||||
|
||||
} else {
|
||||
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
||||
response.sendRedirect("./registeredServices");
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
||||
logger.error("Service request JSON is null");
|
||||
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
|
||||
response.sendRedirect("./registeredServices");
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
logger.error("Service request JSON is null");
|
||||
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
|
||||
response.sendRedirect("./registeredServices");
|
||||
return;
|
||||
}
|
||||
} catch(SQLException sqle){
|
||||
logger.error("Unable to access service with id " + serviceId, sqle);
|
||||
request.getSession().setAttribute("message", "There was an error accessing your service.");
|
||||
response.sendRedirect("./registeredServices");
|
||||
} catch(SQLException sqle){
|
||||
logger.error("Unable to access service with id " + serviceId, sqle);
|
||||
request.getSession().setAttribute("message", "There was an error accessing your service.");
|
||||
response.sendRedirect("./registeredServices");
|
||||
|
||||
} catch(NumberFormatException nfe){
|
||||
logger.error("Unable to access service with id " + serviceId, nfe);
|
||||
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
||||
response.sendRedirect("./registeredServices");
|
||||
}
|
||||
} catch(NumberFormatException nfe){
|
||||
logger.error("Unable to access service with id " + serviceId, nfe);
|
||||
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
||||
response.sendRedirect("./registeredServices");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -358,21 +362,24 @@ public class RegisterServiceServlet extends HttpServlet {
|
|||
return name != null && !name.isEmpty();
|
||||
}
|
||||
|
||||
private void checkNumberOfRegisteredServices(HttpServletRequest request, HttpServletResponse response, OIDCAuthenticationToken authentication) throws IOException {
|
||||
private boolean checkNumberOfRegisteredServices(HttpServletRequest request, HttpServletResponse response, OIDCAuthenticationToken authentication) throws IOException {
|
||||
try {
|
||||
long numberOfRegisteredServices =
|
||||
registeredServicesUtils.getRegisteredServiceDao().countRegisteredServices(authentication.getSub());
|
||||
|
||||
if (numberOfRegisteredServices >= 5) {
|
||||
response.sendRedirect("./registeredServices"); // The message there already exists.
|
||||
return false;
|
||||
}
|
||||
|
||||
} catch (SQLException sqle) {
|
||||
logger.error("Unable to count registered services.", sqle);
|
||||
request.getSession().setAttribute("message", "Unable to contact DB. Please try again later.");
|
||||
response.sendRedirect("./registeredServices");
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
private static String createServiceJson(String clientId, String name, String email) {
|
||||
|
|
|
@ -155,6 +155,6 @@ public class RegisteredServicesServlet extends HttpServlet {
|
|||
}
|
||||
|
||||
private boolean reachedMaximumNumberOfServices(List<RegisteredService> registeredServices) {
|
||||
return registeredServices.size() == 5;
|
||||
return registeredServices.size() >= 5;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package eu.dnetlib.openaire.usermanagement.utils;
|
||||
|
||||
import com.google.gson.JsonParser;
|
||||
import eu.dnetlib.openaire.usermanagement.api.Test3Service;
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.apache.http.HttpResponse;
|
||||
import org.apache.http.NameValuePair;
|
||||
|
@ -9,7 +10,9 @@ import org.apache.http.client.methods.HttpPost;
|
|||
import org.apache.http.impl.client.CloseableHttpClient;
|
||||
import org.apache.http.impl.client.HttpClients;
|
||||
import org.apache.http.message.BasicNameValuePair;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
@ -24,6 +27,18 @@ import java.util.regex.Matcher;
|
|||
import java.util.regex.Pattern;
|
||||
|
||||
public class AuthenticationUtils {
|
||||
|
||||
@Value("${oidc.issuer}")
|
||||
private String issuer;
|
||||
|
||||
@Value("${oidc.secret}")
|
||||
private String secret;
|
||||
|
||||
@Value("${oidc.id}")
|
||||
private String id;
|
||||
|
||||
private Logger logger = Logger.getLogger(AuthenticationUtils.class);
|
||||
|
||||
public static boolean isAuthenticated(OIDCAuthenticationToken authenticationToken) {
|
||||
if (authenticationToken != null) {
|
||||
return true;
|
||||
|
@ -38,4 +53,50 @@ public class AuthenticationUtils {
|
|||
long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();
|
||||
return (exp - (new Date().getTime()/1000)<=0);
|
||||
}
|
||||
|
||||
/*
|
||||
public void refreshAccessToken(String refreshToken) {
|
||||
//TODO fix this
|
||||
if (refreshToken == null || refreshToken.isEmpty()) {
|
||||
return;
|
||||
}
|
||||
|
||||
CloseableHttpClient httpclient = HttpClients.createDefault();
|
||||
HttpPost httppost = new HttpPost(issuer+"/token");
|
||||
|
||||
// Request parameters and other properties.
|
||||
List<NameValuePair> params = new ArrayList<NameValuePair>();
|
||||
params.add(new BasicNameValuePair("client_id", id));
|
||||
params.add(new BasicNameValuePair("client_secret", secret));
|
||||
params.add(new BasicNameValuePair("grant_type", "refresh_token"));
|
||||
params.add(new BasicNameValuePair("refresh_token", refreshToken));
|
||||
params.add(new BasicNameValuePair("scope", "openid"));
|
||||
|
||||
HttpResponse response = null;
|
||||
|
||||
try {
|
||||
httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
|
||||
//Execute and get the response.
|
||||
response = httpclient.execute(httppost);
|
||||
org.apache.http.HttpEntity entity = response.getEntity();
|
||||
|
||||
//TODO fix this
|
||||
if (response.getStatusLine().getStatusCode() == 401) {
|
||||
return;
|
||||
}
|
||||
|
||||
String serverMessage = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8.name());
|
||||
|
||||
} catch (UnsupportedEncodingException uee) {
|
||||
logger.error(uee);
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(String.format(, 500, "Fail to get access token.", uee.getMessage()))
|
||||
.type(MediaType.APPLICATION_JSON).build();
|
||||
|
||||
} catch (IOException ioe) {
|
||||
logger.error(ioe);
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(String.format(, 500, "Fail to get access token.", ioe.getMessage()))
|
||||
.type(MediaType.APPLICATION_JSON).build();
|
||||
|
||||
}
|
||||
}*/
|
||||
}
|
||||
|
|
|
@ -166,7 +166,7 @@
|
|||
<button id="create" type="submit" class="uk-button uk-button-primary" onclick="return validate();">
|
||||
<c:choose>
|
||||
<c:when test="${not empty param.id}">
|
||||
Edit service
|
||||
Update service
|
||||
</c:when>
|
||||
<c:otherwise>
|
||||
Add new service
|
||||
|
|
Loading…
Reference in New Issue