securing edit delete
parent
ccb0ca193e
commit
46af960f38
|
@ -1,6 +1,7 @@
|
||||||
package eu.dnetlib.openaire.usermanagement;
|
package eu.dnetlib.openaire.usermanagement;
|
||||||
|
|
||||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
|
@ -19,6 +20,7 @@ public class OverviewServlet extends HttpServlet {
|
||||||
|
|
||||||
if (isAuthenticated) {
|
if (isAuthenticated) {
|
||||||
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
||||||
|
|
||||||
StringBuilder name = new StringBuilder().append(authentication.getUserInfo().getGivenName().charAt(0));
|
StringBuilder name = new StringBuilder().append(authentication.getUserInfo().getGivenName().charAt(0));
|
||||||
name.append(authentication.getUserInfo().getFamilyName().charAt(0));
|
name.append(authentication.getUserInfo().getFamilyName().charAt(0));
|
||||||
request.getSession().setAttribute("authenticated", isAuthenticated);
|
request.getSession().setAttribute("authenticated", isAuthenticated);
|
||||||
|
|
|
@ -195,7 +195,9 @@ public class RegisterServiceServlet extends HttpServlet {
|
||||||
|
|
||||||
if (mode.equals("create")) {
|
if (mode.equals("create")) {
|
||||||
//Careful! Redirects in method
|
//Careful! Redirects in method
|
||||||
checkNumberOfRegisteredServices(request, response, authentication);
|
if (!checkNumberOfRegisteredServices(request, response, authentication)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
String serverRequestJSON = null;
|
String serverRequestJSON = null;
|
||||||
if(keyType == null) {
|
if(keyType == null) {
|
||||||
serverRequestJSON = createServiceJson(null, name, email);
|
serverRequestJSON = createServiceJson(null, name, email);
|
||||||
|
@ -223,7 +225,7 @@ public class RegisterServiceServlet extends HttpServlet {
|
||||||
if(registeredService.getKeyType() != null) {
|
if(registeredService.getKeyType() != null) {
|
||||||
request.getSession().setAttribute("success",
|
request.getSession().setAttribute("success",
|
||||||
"Your service has been successfully registered!<br>" +
|
"Your service has been successfully registered!<br>" +
|
||||||
"<b>Client ID<b>: " + serviceResponse.getClientId());
|
"<b>Client ID</b>: " + serviceResponse.getClientId());
|
||||||
} else {
|
} else {
|
||||||
request.getSession().setAttribute("success",
|
request.getSession().setAttribute("success",
|
||||||
"Your service has been successfully registered!<br>" +
|
"Your service has been successfully registered!<br>" +
|
||||||
|
@ -256,61 +258,63 @@ public class RegisterServiceServlet extends HttpServlet {
|
||||||
if (!registeredServicesUtils.isAuthorized(authentication.getSub(), serviceIdInt)) {
|
if (!registeredServicesUtils.isAuthorized(authentication.getSub(), serviceIdInt)) {
|
||||||
request.getSession().setAttribute("message", "You have no permission to edit the service.");
|
request.getSession().setAttribute("message", "You have no permission to edit the service.");
|
||||||
response.sendRedirect("./registeredServices");
|
response.sendRedirect("./registeredServices");
|
||||||
}
|
|
||||||
|
|
||||||
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(serviceIdInt);
|
} else {
|
||||||
if (registeredService != null && registeredService.getClientId() != null) {
|
|
||||||
String serverRequestJSON = null;
|
|
||||||
if (keyType == null) {
|
|
||||||
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email);
|
|
||||||
} else if (keyType.equals("uri")) {
|
|
||||||
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwksUri);
|
|
||||||
} else if (keyType.equals("value")) {
|
|
||||||
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwks);
|
|
||||||
}
|
|
||||||
if (serverRequestJSON != null) {
|
|
||||||
System.out.println("SERVER JSON " + serverRequestJSON);
|
|
||||||
HttpResponse resp = tokenUtils.updateService(registeredService.getClientId(), serverRequestJSON, registeredService.getRegistrationAccessToken());
|
|
||||||
if (resp.getStatusLine().getStatusCode() == 200) {
|
|
||||||
System.out.println("NAME >>>>" + name);
|
|
||||||
registeredService.setName(name);
|
|
||||||
|
|
||||||
System.out.println("Client Id " + registeredService.getClientId());
|
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(serviceIdInt);
|
||||||
try {
|
if (registeredService != null && registeredService.getClientId() != null) {
|
||||||
registeredServicesUtils.getRegisteredServiceDao().update(registeredService);
|
String serverRequestJSON = null;
|
||||||
} catch (SQLException sqle) {
|
if (keyType == null) {
|
||||||
logger.error("Unable to contact db.", sqle);
|
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email);
|
||||||
request.getSession().setAttribute("message", "Fail to delete the service. Please try again later.");
|
} else if (keyType.equals("uri")) {
|
||||||
response.setContentType("text/html");
|
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwksUri);
|
||||||
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
|
} else if (keyType.equals("value")) {
|
||||||
return;
|
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwks);
|
||||||
}
|
|
||||||
request.getSession().setAttribute("success",
|
|
||||||
"Your service has been successfully updated!<br>" +
|
|
||||||
"<b>Client ID</b>: " + registeredService.getClientId());
|
|
||||||
}
|
}
|
||||||
|
if (serverRequestJSON != null) {
|
||||||
|
System.out.println("SERVER JSON " + serverRequestJSON);
|
||||||
|
HttpResponse resp = tokenUtils.updateService(registeredService.getClientId(), serverRequestJSON, registeredService.getRegistrationAccessToken());
|
||||||
|
if (resp.getStatusLine().getStatusCode() == 200) {
|
||||||
|
System.out.println("NAME >>>>" + name);
|
||||||
|
registeredService.setName(name);
|
||||||
|
|
||||||
|
System.out.println("Client Id " + registeredService.getClientId());
|
||||||
|
try {
|
||||||
|
registeredServicesUtils.getRegisteredServiceDao().update(registeredService);
|
||||||
|
} catch (SQLException sqle) {
|
||||||
|
logger.error("Unable to contact db.", sqle);
|
||||||
|
request.getSession().setAttribute("message", "Fail to delete the service. Please try again later.");
|
||||||
|
response.setContentType("text/html");
|
||||||
|
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
request.getSession().setAttribute("success",
|
||||||
|
"Your service has been successfully updated!<br>" +
|
||||||
|
"<b>Client ID</b>: " + registeredService.getClientId());
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
||||||
|
response.sendRedirect("./registeredServices");
|
||||||
|
return;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
logger.error("Service request JSON is null");
|
||||||
|
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
|
||||||
response.sendRedirect("./registeredServices");
|
response.sendRedirect("./registeredServices");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
logger.error("Service request JSON is null");
|
|
||||||
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
|
|
||||||
response.sendRedirect("./registeredServices");
|
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
} catch(SQLException sqle){
|
} catch(SQLException sqle){
|
||||||
logger.error("Unable to access service with id " + serviceId, sqle);
|
logger.error("Unable to access service with id " + serviceId, sqle);
|
||||||
request.getSession().setAttribute("message", "There was an error accessing your service.");
|
request.getSession().setAttribute("message", "There was an error accessing your service.");
|
||||||
response.sendRedirect("./registeredServices");
|
response.sendRedirect("./registeredServices");
|
||||||
|
|
||||||
} catch(NumberFormatException nfe){
|
} catch(NumberFormatException nfe){
|
||||||
logger.error("Unable to access service with id " + serviceId, nfe);
|
logger.error("Unable to access service with id " + serviceId, nfe);
|
||||||
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
||||||
response.sendRedirect("./registeredServices");
|
response.sendRedirect("./registeredServices");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -358,21 +362,24 @@ public class RegisterServiceServlet extends HttpServlet {
|
||||||
return name != null && !name.isEmpty();
|
return name != null && !name.isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
private void checkNumberOfRegisteredServices(HttpServletRequest request, HttpServletResponse response, OIDCAuthenticationToken authentication) throws IOException {
|
private boolean checkNumberOfRegisteredServices(HttpServletRequest request, HttpServletResponse response, OIDCAuthenticationToken authentication) throws IOException {
|
||||||
try {
|
try {
|
||||||
long numberOfRegisteredServices =
|
long numberOfRegisteredServices =
|
||||||
registeredServicesUtils.getRegisteredServiceDao().countRegisteredServices(authentication.getSub());
|
registeredServicesUtils.getRegisteredServiceDao().countRegisteredServices(authentication.getSub());
|
||||||
|
|
||||||
if (numberOfRegisteredServices >= 5) {
|
if (numberOfRegisteredServices >= 5) {
|
||||||
response.sendRedirect("./registeredServices"); // The message there already exists.
|
response.sendRedirect("./registeredServices"); // The message there already exists.
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
} catch (SQLException sqle) {
|
} catch (SQLException sqle) {
|
||||||
logger.error("Unable to count registered services.", sqle);
|
logger.error("Unable to count registered services.", sqle);
|
||||||
request.getSession().setAttribute("message", "Unable to contact DB. Please try again later.");
|
request.getSession().setAttribute("message", "Unable to contact DB. Please try again later.");
|
||||||
response.sendRedirect("./registeredServices");
|
response.sendRedirect("./registeredServices");
|
||||||
return;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static String createServiceJson(String clientId, String name, String email) {
|
private static String createServiceJson(String clientId, String name, String email) {
|
||||||
|
|
|
@ -155,6 +155,6 @@ public class RegisteredServicesServlet extends HttpServlet {
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean reachedMaximumNumberOfServices(List<RegisteredService> registeredServices) {
|
private boolean reachedMaximumNumberOfServices(List<RegisteredService> registeredServices) {
|
||||||
return registeredServices.size() == 5;
|
return registeredServices.size() >= 5;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
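Review bot: The limit `5` in `registeredServices.size() >= 5` is the same number that `checkNumberOfRegisteredServices` in RegisterServiceServlet compares against, and after this commit the two copies can drift apart silently; hoist it into one shared constant, e.g. `public static final int MAX_REGISTERED_SERVICES = 5;`, and compare against that in both places. A one-line Javadoc on this helper would also help readers: `/** True once the user already holds the maximum number of registered services. */`.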
@ -1,6 +1,7 @@
|
||||||
package eu.dnetlib.openaire.usermanagement.utils;
|
package eu.dnetlib.openaire.usermanagement.utils;
|
||||||
|
|
||||||
import com.google.gson.JsonParser;
|
import com.google.gson.JsonParser;
|
||||||
|
import eu.dnetlib.openaire.usermanagement.api.Test3Service;
|
||||||
import org.apache.commons.io.IOUtils;
|
import org.apache.commons.io.IOUtils;
|
||||||
import org.apache.http.HttpResponse;
|
import org.apache.http.HttpResponse;
|
||||||
import org.apache.http.NameValuePair;
|
import org.apache.http.NameValuePair;
|
||||||
|
@ -9,7 +10,9 @@ import org.apache.http.client.methods.HttpPost;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.impl.client.HttpClients;
|
||||||
import org.apache.http.message.BasicNameValuePair;
|
import org.apache.http.message.BasicNameValuePair;
|
||||||
|
import org.apache.log4j.Logger;
|
||||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -24,6 +27,18 @@ import java.util.regex.Matcher;
|
||||||
import java.util.regex.Pattern;
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
public class AuthenticationUtils {
|
public class AuthenticationUtils {
|
||||||
|
|
||||||
|
@Value("${oidc.issuer}")
|
||||||
|
private String issuer;
|
||||||
|
|
||||||
|
@Value("${oidc.secret}")
|
||||||
|
private String secret;
|
||||||
|
|
||||||
|
@Value("${oidc.id}")
|
||||||
|
private String id;
|
||||||
|
|
||||||
|
private Logger logger = Logger.getLogger(AuthenticationUtils.class);
|
||||||
|
|
||||||
public static boolean isAuthenticated(OIDCAuthenticationToken authenticationToken) {
|
public static boolean isAuthenticated(OIDCAuthenticationToken authenticationToken) {
|
||||||
if (authenticationToken != null) {
|
if (authenticationToken != null) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -38,4 +53,50 @@ public class AuthenticationUtils {
|
||||||
long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();
|
long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();
|
||||||
return (exp - (new Date().getTime()/1000)<=0);
|
return (exp - (new Date().getTime()/1000)<=0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
public void refreshAccessToken(String refreshToken) {
|
||||||
|
//TODO fix this
|
||||||
|
if (refreshToken == null || refreshToken.isEmpty()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
CloseableHttpClient httpclient = HttpClients.createDefault();
|
||||||
|
HttpPost httppost = new HttpPost(issuer+"/token");
|
||||||
|
|
||||||
|
// Request parameters and other properties.
|
||||||
|
List<NameValuePair> params = new ArrayList<NameValuePair>();
|
||||||
|
params.add(new BasicNameValuePair("client_id", id));
|
||||||
|
params.add(new BasicNameValuePair("client_secret", secret));
|
||||||
|
params.add(new BasicNameValuePair("grant_type", "refresh_token"));
|
||||||
|
params.add(new BasicNameValuePair("refresh_token", refreshToken));
|
||||||
|
params.add(new BasicNameValuePair("scope", "openid"));
|
||||||
|
|
||||||
|
HttpResponse response = null;
|
||||||
|
|
||||||
|
try {
|
||||||
|
httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
|
||||||
|
//Execute and get the response.
|
||||||
|
response = httpclient.execute(httppost);
|
||||||
|
org.apache.http.HttpEntity entity = response.getEntity();
|
||||||
|
|
||||||
|
//TODO fix this
|
||||||
|
if (response.getStatusLine().getStatusCode() == 401) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
String serverMessage = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8.name());
|
||||||
|
|
||||||
|
} catch (UnsupportedEncodingException uee) {
|
||||||
|
logger.error(uee);
|
||||||
|
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(String.format(, 500, "Fail to get access token.", uee.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (IOException ioe) {
|
||||||
|
logger.error(ioe);
|
||||||
|
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(String.format(, 500, "Fail to get access token.", ioe.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
}
|
||||||
|
}*/
|
||||||
}
|
}
|
||||||
|
|
|
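Review bot: The `refreshAccessToken` block added here is commented-out code that could not compile if re-enabled: it `return`s a JAX-RS `Response` from a `void` method and both `String.format(,` calls have an empty first argument, and it is marked `//TODO fix this` twice; finish it on a branch rather than leaving dead code that posts `client_secret` in the main file. The `@Value` fields `issuer`, `secret` and `id` are instance fields on a class whose visible API (`isAuthenticated`) is static, so they are only populated if `AuthenticationUtils` is managed as a Spring bean — worth confirming, since `secret` will otherwise be `null` when it is eventually used; `logger` should likewise be `private static final`. The added `Test3Service` import is not referenced in any visible hunk and looks unused. Independently of this commit, the unchanged line that decodes the JWT payload uses `Base64.getDecoder()`; JWT segments are base64url, so a payload containing `-` or `_` throws `IllegalArgumentException` there — `Base64.getUrlDecoder()` is the correct decoder.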
@ -166,7 +166,7 @@
|
||||||
<button id="create" type="submit" class="uk-button uk-button-primary" onclick="return validate();">
|
<button id="create" type="submit" class="uk-button uk-button-primary" onclick="return validate();">
|
||||||
<c:choose>
|
<c:choose>
|
||||||
<c:when test="${not empty param.id}">
|
<c:when test="${not empty param.id}">
|
||||||
Edit service
|
Update service
|
||||||
</c:when>
|
</c:when>
|
||||||
<c:otherwise>
|
<c:otherwise>
|
||||||
Add new service
|
Add new service
|
||||||
|
|