Clean up all servlets for registered services.

Konstantinos Triantafyllou 2023-07-06 11:26:25 +03:00
parent 99c59c9b77
commit 970abc0596
15 changed files with 21 additions and 1969 deletions


@ -1,70 +0,0 @@
package eu.dnetlib.openaire.usermanagement;
import com.google.gson.*;
import java.lang.reflect.Type;
public class JwksDeserializer implements JsonDeserializer<Jwks> {
@Override
public Jwks deserialize(JsonElement jsonElement, Type type, JsonDeserializationContext jsonDeserializationContext)
throws JsonParseException {
JsonObject jsonObject = jsonElement.getAsJsonObject();
if (jsonObject == null) throw new JsonParseException("Jwks not valid.");
JsonArray jsonArray = jsonObject.getAsJsonArray("keys");
if (jsonArray == null ) throw new JsonParseException("Jwks not valid.");
Jwks jwks = new Jwks();
Key[] keys = new Key[jsonArray.size()];
Key key = null;
for (int i = 0; i < jsonArray.size(); i++) {
key = new Key();
JsonElement je = jsonArray.get(i);
if (je == null) throw new JsonParseException("Jwks not valid.");
if (je.getAsJsonObject().get("kty")==null) throw new JsonParseException("Jwks not valid.");
key.setKty(je.getAsJsonObject().get("kty").getAsString());
if (je.getAsJsonObject().get("e")==null) throw new JsonParseException("Jwks not valid.");
key.setE(je.getAsJsonObject().get("e").getAsString());
if (je.getAsJsonObject().get("kid")==null) throw new JsonParseException("Jwks not valid.");
key.setKid(je.getAsJsonObject().get("kid").getAsString());
if (je.getAsJsonObject().get("alg")==null) throw new JsonParseException("Jwks not valid.");
key.setAlg(je.getAsJsonObject().get("alg").getAsString());
if (je.getAsJsonObject().get("n")==null) throw new JsonParseException("Jwks not valid.");
key.setN(je.getAsJsonObject().get("n").getAsString());
keys[i] = key;
}
jwks.setKeys(keys);
return jwks;
}
}
/*
public static void main(String[] args) {
Gson gson = new GsonBuilder().registerTypeAdapter(Jwks.class, new JwksDeserializer()).create();
String jwksJson = "{\n" +
" \"keys\": [\n" +
" {\n" +
" \"kty\": \"RSA\",\n" +
" \"e\": \"AQAB\",\n" +
" \"kid\": \"05794a3c-a6f5-430c-9822-da4e53597ba5\",\n" +
" \"alg\": \"RS256\",\n" +
" \"n\": \"hm_OUny05OJEwbGBqPjE7wWvnwTMgqUHJFis_S9nM7hTivXQ_LX9f89RaVcPpXboox81Y8rrfuVwV0nc-FGr_E0FFpI-IwJ_sUUEDwf-5Qxor3LNc_S_5BiPOfFHY7c-R-ablRIAvVTXqwIjcyLVQnaHLjb9XQPf9lBt9sCZ2jN-9HOLztMO3BZWZYIFqvNr8ySKHfVPdlk0Wx3N45KPY0kgxk5RPYW0HLRakSlhIJtqYCJOr2IiDUEMAj9Z9BoWjeUKiAX3E3ZRo-DO1TWcc7feq-0Pei2IBw3lvNpgcBBv1_BlrsZYzQqkKOcDbLAppuhR3inUNhc3G67OuWt8ow\"\n" +
" }\n" +
" ]\n" +
"}";
Jwks jwks = gson.fromJson(jwksJson, Jwks.class);
for(Key key:jwks.getKeys()) {
//System.out.println(key.getE());
}
}
}
*/


@ -1,10 +1,7 @@
package eu.dnetlib.openaire.usermanagement;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.beans.factory.annotation.Value;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -12,22 +9,10 @@ import java.io.IOException;
public class OverviewServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
@Value("${client-management.url}")
private String url;
boolean isAuthenticated = !SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()
.equals("anonymousUser");
if (isAuthenticated) {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
StringBuilder name = new StringBuilder().append(authentication.getUserInfo().getGivenName().charAt(0));
name.append(authentication.getUserInfo().getFamilyName().charAt(0));
request.getSession().setAttribute("authenticated", isAuthenticated);
request.getSession().setAttribute("name", name.toString());
}
response.setContentType("text/html");
request.getRequestDispatcher("./overview.jsp").include(request, response);
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
response.sendRedirect(url + "/");
}
}
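Review bot: The new `doGet` in OverviewServlet redirects to `url + "/"`, but nothing visible in this section populates `url`: the `@Value("${client-management.url}")` field is only injected if the servlet is a Spring-managed bean or its `init` calls `SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, config.getServletContext());`, and no such override appears here. If the container instantiates the servlet itself (for example from a web.xml mapping), `url` stays null and the redirect target becomes the literal `null/`. PersonalTokenServlet, RegisterServiceServlet and RegisteredServicesServlet add the same field and redirect; their old sides had the `init` override, and this rendering does not show whether it survives, so the same check applies there. A guard before the redirect, such as `if (url == null) throw new IllegalStateException("client-management.url is not configured");`, would make a wiring mistake fail loudly instead of sending users to a broken location.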


@ -1,116 +1,18 @@
package eu.dnetlib.openaire.usermanagement;
import com.google.gson.Gson;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
public class PersonalTokenServlet extends HttpServlet {
@Value("${oidc.secret}")
private String secret;
@Value("${client-management.url}")
private String url;
@Value("${oidc.id}")
private String id;
@Value("${oidc.issuer}")
private String issuer;
@Autowired
private StaticClientConfigurationService staticClientConfigurationService;
private Logger logger = Logger.getLogger(PersonalTokenServlet.class);
public void init(ServletConfig config) throws ServletException {
super.init(config);
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this,
config.getServletContext());
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
response.sendRedirect(url + "/personal-token");
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
StringBuilder name = new StringBuilder().append(authentication.getUserInfo().getGivenName().charAt(0));
name.append(authentication.getUserInfo().getFamilyName().charAt(0));
request.getSession().setAttribute("name", name.toString());
request.getSession().setAttribute("accessToken", authentication.getAccessTokenValue());
request.getSession().setAttribute("refreshToken", authentication.getRefreshTokenValue());
request.getRequestDispatcher("./personal.jsp").include(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
String refreshToken = authentication.getRefreshTokenValue();
List<String> oldRefreshTokens = null;
try {
oldRefreshTokens = getOldRefreshTokens(authentication.getRefreshTokenValue(), authentication.getAccessTokenValue());
deleteOldRefreshTokens(oldRefreshTokens, authentication.getAccessTokenValue());
} catch (IOException e) {
logger.error("Error deleting old refresh tokens.", e);
//TODO should I let user know?
}
request.getSession().setAttribute("showRefreshToken", true);
response.sendRedirect("./personalToken");
}
private void deleteOldRefreshTokens(List<String> oldRefreshTokens, String accessToken) throws IOException {
HttpDelete httpDelete;
CloseableHttpClient httpclient = HttpClients.createDefault();
for (String refreshTokenId:oldRefreshTokens) {
httpDelete = new HttpDelete(issuer + "/api/tokens/refresh/" + refreshTokenId);
httpDelete.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken);
HttpResponse response = httpclient.execute(httpDelete);
if (response.getStatusLine().getStatusCode()!=200) {
logger.warn("Could not delete old refresh tokens." + response.getStatusLine().getStatusCode());
//System.out.println("Could not delete old refresh tokens." + response.getStatusLine().getStatusCode());//TODO should I throw exception?
}
}
}
private List<String> getOldRefreshTokens(String currentRefreshToken, String accessToken) throws IOException {
HttpGet httpGet = new HttpGet(issuer + "/api/tokens/refresh");
httpGet.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken);
CloseableHttpClient httpclient = HttpClients.createDefault();
String jsonResponse = IOUtils.toString(httpclient.execute(httpGet).getEntity().getContent(), StandardCharsets.UTF_8.name());
Gson gson = new Gson();
List<String> oldRefreshTokens = null;
for(RefreshToken refreshToken:gson.fromJson(jsonResponse, RefreshToken[].class)){
if (oldRefreshTokens == null) {
oldRefreshTokens = new ArrayList<>();
}
if (!refreshToken.getValue().equals(currentRefreshToken)) {
oldRefreshTokens.add(refreshToken.getId()+"");
}
}
return oldRefreshTokens;
}
}
}


@ -1,58 +0,0 @@
package eu.dnetlib.openaire.usermanagement;
public class RefreshToken {
private String value;
private int id;
private String[] scopes;
private String clientId;
private String userId;
private String expliration;
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String[] getScopes() {
return scopes;
}
public void setScopes(String[] scopes) {
this.scopes = scopes;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getExpliration() {
return expliration;
}
public void setExpliration(String expliration) {
this.expliration = expliration;
}
}


@ -1,427 +1,19 @@
package eu.dnetlib.openaire.usermanagement;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonParseException;
import eu.dnetlib.openaire.user.pojos.RegisteredService;
import eu.dnetlib.openaire.usermanagement.utils.RegisteredServicesUtils;
import eu.dnetlib.openaire.usermanagement.utils.TokenUtils;
import org.apache.commons.validator.routines.UrlValidator;
import org.apache.http.HttpResponse;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.method.P;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import org.springframework.beans.factory.annotation.Value;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.SQLException;
public class RegisterServiceServlet extends HttpServlet {
private Logger logger = Logger.getLogger(RegisterServiceServlet.class);
@Value("${client-management.url}")
private String url;
public void init(ServletConfig config) throws ServletException {
super.init(config);
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this,
config.getServletContext());
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
response.sendRedirect(url + "/apis");
}
@Autowired
private RegisteredServicesUtils registeredServicesUtils;
@Autowired
private TokenUtils tokenUtils;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.
getContext().getAuthentication();
String userid = authentication.getSub();
StringBuilder name = new StringBuilder().append(authentication.getUserInfo().getGivenName().charAt(0));
name.append(authentication.getUserInfo().getFamilyName().charAt(0));
request.getSession().setAttribute("name", name.toString());
String idParam = request.getParameter("id");
if (idParam != null && !idParam.isEmpty()) { // EDIT CASE
//System.out.println("In edit");
try {
int id = Integer.parseInt(idParam);
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(id);
if (registeredService != null && registeredServicesUtils.isAuthorized(userid, id)) {
ServiceResponse serviceResponse = tokenUtils.getRegisteredService(registeredService.getClientId(), registeredService.getRegistrationAccessToken());
updateFormFields(request, registeredService.getName(), registeredService.getKeyType(), serviceResponse);
} else {
if (registeredService == null) {
//System.out.println("No service found!");
request.getSession().setAttribute("message", "Not valid registered service with given id " + id + ".");
response.sendRedirect("./registeredServices");
logger.warn("Not valid registered service with " + id + "id.");
} else {
//System.out.println("Not authorized");
request.getSession().setAttribute("message", "Not authorized to edit the registered service with id " + id + ".");
response.sendRedirect("./registeredServices");
logger.warn("Not authorized to edit the service with " + id + "id.");
}
}
} catch (NumberFormatException nfe) {
//System.out.println("WRONG FORMAT");
request.getSession().setAttribute("message", "Invalid service id.");
response.sendRedirect("./registeredServices");
logger.error("Invalid service id.", nfe);
} catch (SQLException sqle) {
//System.out.println("SQL PROBLEM");
request.getSession().setAttribute("message", "Could not fetch registered service.");
response.sendRedirect("./registeredServices");
logger.error("Could not fetch registered service.", sqle);
}
} else {// NEW SERVICE CASE
//Careful! Redirects in method
request.getSession().setAttribute("first_name", null);
request.getSession().setAttribute("key_type", null);
request.getSession().setAttribute("jwksUri", null);
request.getSession().setAttribute("value", null);
checkNumberOfRegisteredServices(request, response, authentication);
}
response.setContentType("text/html");
request.getRequestDispatcher("./registerService.jsp").include(request, response);
}
private void updateFormFields(HttpServletRequest request, String serviceName, String keyType, ServiceResponse serviceResponse) {
//System.out.println("UPDATING FORM");
request.getSession().setAttribute("first_name", serviceName);
//System.out.println("Service response URI " + serviceResponse.getJwksUri());
request.getSession().setAttribute("key_type", keyType);
if (keyType != null) {
if (keyType.equals("uri")) {
request.getSession().setAttribute("jwksUri", serviceResponse.getJwksUri());
} else {
Key key;
if (serviceResponse.getJwks() != null) {
key = serviceResponse.getJwks().keys[0];
} else {
key = new Key();
}
//System.out.println("Service response keys " + serviceResponse.getJwksUri());
Gson gson = new GsonBuilder().setPrettyPrinting().create();
request.getSession().setAttribute("value", gson.toJson(key));
}
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.
getContext().getAuthentication();
response.setContentType("text/html");
boolean canProceed = true;
String mode = request.getParameter("mode").trim();
//System.out.println("Mode was " + mode);
checkmode(mode);
//System.out.println("Mode is " + mode);
String serviceId = request.getParameter("id");
String name = request.getParameter("first_name").trim();
if (name.isEmpty()) {
request.getSession().setAttribute("first_name_error", true);
canProceed = false;
}
String keyType = request.getParameter("key_type");
String jwksUri = null;
String jwksString = null;
Jwks jwks = null;
if(keyType != null) {
keyType = keyType.trim();
if (keyType.equals("uri")) {
jwksUri = request.getParameter("uri");
request.getSession().setAttribute("jwksUri", jwksUri);
String[] schemes = {"https"};
UrlValidator urlValidator = new UrlValidator(schemes);
if (!urlValidator.isValid(jwksUri)) {
request.getSession().setAttribute("uri_error", true);
canProceed = false;
}
} else {
jwksString = request.getParameter("value");
try {
Gson gson = new GsonBuilder().registerTypeAdapter(Jwks.class, new JwksDeserializer()).create();
String jwksSet = String.format("{\"keys\":[%s]}", jwksString);
jwks = gson.fromJson(jwksSet, Jwks.class);
request.getSession().setAttribute("value", jwksString);
if (jwks.getKeys() == null || jwks.getKeys().length == 0) {
//System.out.println("Something wrong with the keys.");
request.getSession().setAttribute("value_error", true);
canProceed = false;
}
} catch (JsonParseException jpe) {
request.getSession().setAttribute("value_error", true);
canProceed = false;
}
}
}
String userid = authentication.getSub();
String email = authentication.getUserInfo().getEmail();
ServiceResponse serviceResponse = null;
if (nameIsValid(name) && userInfoIsValid(userid, email) && keyIsValid(keyType, jwksUri, jwksString) && canProceed) {
String serverMessage;
if (mode.equals("create")) {
//Careful! Redirects in method
if (!checkNumberOfRegisteredServices(request, response, authentication)) {
return;
}
String serverRequestJSON = null;
if(keyType == null) {
serverRequestJSON = createServiceJson(null, name, email);
} else if (keyType.equals("uri")) {
serverRequestJSON = createServiceJson(null, name, email, jwksUri);
} else if (keyType.equals("value")){
serverRequestJSON = createServiceJson(null, name, email, jwks);
}
if(serverRequestJSON != null) {
//System.out.println("SERVER JSON " + serverRequestJSON);
serverMessage = tokenUtils.registerService(serverRequestJSON);
logger.debug(serverMessage);
if (serverMessage == null) {
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
response.sendRedirect("./registeredServices");
return;
}
serviceResponse = new Gson().fromJson(serverMessage, ServiceResponse.class);
String client_id = serviceResponse.getClientId();
RegisteredService registeredService = new RegisteredService(client_id, userid, name, serviceResponse.getRegistrationAccessToken(), keyType);
try {
registeredServicesUtils.addRegistedService(registeredService);
if(registeredService.getKeyType() != null) {
request.getSession().setAttribute("success",
"Your service has been successfully registered!<br>" +
"<b>Client ID</b>: " + serviceResponse.getClientId());
} else {
request.getSession().setAttribute("success",
"Your service has been successfully registered!<br>" +
"<b>Client ID</b>: " + serviceResponse.getClientId() +
"<br><span style=\"word-wrap: break-word\"><b>Client Secret</b>:" + serviceResponse.getClientSecret() + "</span>");
}
} catch (SQLException sqle) {
logger.error("Fail to save service.", sqle);
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
response.sendRedirect("./registeredServices");
return;
}
} else {
logger.error("Service request JSON is null");
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
response.sendRedirect("./registeredServices");
return;
}
} else {
int serviceIdInt = 0;
if (serviceId == null || serviceId.isEmpty()) { //TODO WRONG MESSAGE
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
response.sendRedirect("./registeredServices");
} else {
//System.out.println("In edit...");
try {
serviceIdInt = Integer.parseInt(serviceId);
if (!registeredServicesUtils.isAuthorized(authentication.getSub(), serviceIdInt)) {
request.getSession().setAttribute("message", "You have no permission to edit the service.");
response.sendRedirect("./registeredServices");
} else {
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(serviceIdInt);
if (registeredService != null && registeredService.getClientId() != null) {
String serverRequestJSON = null;
if (keyType == null) {
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email);
} else if (keyType.equals("uri")) {
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwksUri);
} else if (keyType.equals("value")) {
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwks);
}
if (serverRequestJSON != null) {
//System.out.println("SERVER JSON " + serverRequestJSON);
HttpResponse resp = tokenUtils.updateService(registeredService.getClientId(), serverRequestJSON, registeredService.getRegistrationAccessToken());
if (resp.getStatusLine().getStatusCode() == 200) {
//System.out.println("NAME >>>>" + name);
registeredService.setName(name);
//System.out.println("Client Id " + registeredService.getClientId());
try {
registeredServicesUtils.getRegisteredServiceDao().update(registeredService);
} catch (SQLException sqle) {
logger.error("Unable to contact db.", sqle);
request.getSession().setAttribute("message", "Fail to delete the service. Please try again later.");
response.setContentType("text/html");
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
return;
}
request.getSession().setAttribute("success",
"Your service has been successfully updated!<br>" +
"<b>Client ID</b>: " + registeredService.getClientId());
}
} else {
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
response.sendRedirect("./registeredServices");
return;
}
} else {
logger.error("Service request JSON is null");
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
response.sendRedirect("./registeredServices");
return;
}
}
} catch(SQLException sqle){
logger.error("Unable to access service with id " + serviceId, sqle);
request.getSession().setAttribute("message", "There was an error accessing your service.");
response.sendRedirect("./registeredServices");
} catch(NumberFormatException nfe){
logger.error("Unable to access service with id " + serviceId, nfe);
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
response.sendRedirect("./registeredServices");
}
}
}
} else {
//something is wrong with the form and the error messages will appear
request.getSession().setAttribute("first_name", name);
request.getSession().setAttribute("key_type", keyType);
request.getSession().setAttribute("uri", jwksUri);
request.getSession().setAttribute("value", jwksString);
if (serviceId != null && !serviceId.isEmpty()) {
request.getRequestDispatcher("./registerService.jsp?id=" + serviceId).forward(request, response);
} else {
request.getRequestDispatcher("./registerService.jsp").include(request, response);
}
return;
}
response.sendRedirect("./registeredServices");
}
private void checkmode(String mode) {
if (mode != null && !mode.isEmpty()) {
if (!mode.equals("edit") || mode.equals("create")) {
mode = "create";
}
} else {
mode = "create";
}
}
private boolean keyIsValid(String keyType, String jwksUri, String jwksString) {
return keyType == null || (keyType.equals("uri") && jwksUri != null && !jwksUri.isEmpty()) ||
keyType.equals("value") && jwksString != null && !jwksString.isEmpty();
}
private boolean userInfoIsValid(String userid, String email) {
return userid != null && !userid.isEmpty() &&
email != null && !email.isEmpty();
}
private boolean nameIsValid(String name) {
return name != null && !name.isEmpty();
}
private boolean checkNumberOfRegisteredServices(HttpServletRequest request, HttpServletResponse response, OIDCAuthenticationToken authentication) throws IOException {
try {
long numberOfRegisteredServices =
registeredServicesUtils.getRegisteredServiceDao().countRegisteredServices(authentication.getSub());
if (numberOfRegisteredServices >= 5) {
response.sendRedirect("./registeredServices"); // The message there already exists.
return false;
}
} catch (SQLException sqle) {
logger.error("Unable to count registered services.", sqle);
request.getSession().setAttribute("message", "Unable to contact DB. Please try again later.");
response.sendRedirect("./registeredServices");
return false;
}
return true;
}
private static String createServiceJson(String clientId, String name, String email) {
ServiceRequest serviceJSON = new ServiceRequest();
serviceJSON.setClientId(clientId);
serviceJSON.setClientName(name);
serviceJSON.setContacts(new String[]{email});
serviceJSON.setToken_endpoint_auth_method("client_secret_basic");
serviceJSON.setTokenEndpointAuthSigningAlg(null);
GsonBuilder builder = new GsonBuilder();
builder.serializeNulls();
Gson gson = builder.create();
//System.out.println("Created json " + serviceJSON);
return gson.toJson(serviceJSON);
}
private static String createServiceJson(String clientId, String name, String email, String jwksURI) {
ServiceRequest serviceJSON = new ServiceRequest();
serviceJSON.setClientId(clientId);
serviceJSON.setClientName(name);
serviceJSON.setContacts(new String[]{email});
serviceJSON.setJwksUri(jwksURI);
GsonBuilder builder = new GsonBuilder();
builder.serializeNulls();
Gson gson = builder.create();
//System.out.println("Created json " + serviceJSON);
return gson.toJson(serviceJSON);
}
private static String createServiceJson(String clientId, String name, String email, Jwks jwks) {
ServiceRequest serviceJSON = new ServiceRequest();
serviceJSON.setClientId(clientId);
serviceJSON.setClientName(name);
serviceJSON.setContacts(new String[]{email});
serviceJSON.setJwks(jwks);
GsonBuilder builder = new GsonBuilder();
builder.serializeNulls();
Gson gson = builder.create();
//System.out.println("Created json " + serviceJSON);
return gson.toJson(serviceJSON);
}
}


@ -1,160 +1,19 @@
package eu.dnetlib.openaire.usermanagement;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import eu.dnetlib.openaire.user.pojos.RegisteredService;
import eu.dnetlib.openaire.usermanagement.utils.RegisteredServicesUtils;
import eu.dnetlib.openaire.usermanagement.utils.TokenUtils;
import org.apache.http.HttpResponse;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import org.springframework.beans.factory.annotation.Value;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class RegisteredServicesServlet extends HttpServlet {
private Logger logger = Logger.getLogger(RegisteredServicesServlet.class);
@Value("${client-management.url}")
private String url;
@Autowired
private RegisteredServicesUtils registeredServicesUtils;
@Autowired
private TokenUtils tokenUtils;
public void init(ServletConfig config) throws ServletException {
super.init(config);
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this,
config.getServletContext());
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
request.getSession().setAttribute("authenticated",
!SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()
.equals("anonymousUser"));
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.
getContext().getAuthentication();
String userId = authentication.getSub();
List<RegisteredService> registeredServices = null;
try {
registeredServices = registeredServicesUtils.
getRegisteredServiceDao().fetchAllRegisteredServicesByOwner(userId);
//System.out.println("LOAD REGISTERED SERVICES. " + registeredServices.size());
if (registeredServices.isEmpty()) {
request.getSession().setAttribute("showEmptyList", true);
} else {
Map<String, ServiceResponse> serviceResponses = new HashMap<>();
Map<String, String> serviceKey = new HashMap<>();
for (RegisteredService registeredService:registeredServices) {
ServiceResponse serviceResponse = tokenUtils.getRegisteredService(registeredService.getClientId(),registeredService.getRegistrationAccessToken());
serviceResponses.put(registeredService.getId(), serviceResponse);
serviceKey.put(registeredService.getId(), extractPublicKeySet(serviceResponse));
}
boolean reachedLimit = reachedMaximumNumberOfServices(registeredServices);
StringBuilder name = new StringBuilder().append(authentication.getUserInfo().getGivenName().charAt(0));
name.append(authentication.getUserInfo().getFamilyName().charAt(0));
request.getSession().setAttribute("name", name.toString());
request.getSession().setAttribute("reachedLimit", reachedLimit);
//System.out.println("REACHED LIMIT??? " + reachedLimit);
request.getSession().setAttribute("services", serviceResponses);
request.getSession().setAttribute("keys", serviceKey);
}
request.getSession().setAttribute("registeredServices", registeredServices);
} catch (SQLException sqle) {
logger.error("Error fetching registered services for user " + userId , sqle);
request.getSession().setAttribute("message", "Error fetching registered services. " +
"Please try again later.");
request.getSession().setAttribute("showEmptyList", false);
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
}
response.setContentType("text/html");
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
}
private String extractPublicKeySet(ServiceResponse serviceResponse) {
if (serviceResponse.getJwksUri()!=null && !serviceResponse.getJwksUri().isEmpty())
return serviceResponse.getJwksUri();
return extractJSONJwk(serviceResponse.getJwks());
}
private String extractJSONJwk(Jwks jwks) {
Gson gson = new GsonBuilder().setPrettyPrinting().create();
//System.out.println(gson.toJson(jwks));
return gson.toJson(jwks);
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.
getContext().getAuthentication();
String id = request.getParameter("id");
//System.out.println("POST " +id);
if (id!=null && !id.isEmpty()) {
try {
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(Integer.parseInt(id));
if (!registeredService.getOwner().equals(authentication.getSub())) {
request.getSession().setAttribute("message", "You are not allowed to delete the service.");
//System.out.println("BLOCKED " + registeredService.getOwner() + " >> " + authentication.getSub());
response.sendRedirect("./registeredServices");
return;
}
HttpResponse resp = tokenUtils.deleteService(registeredService.getClientId(), registeredService.getRegistrationAccessToken());
int statusCode = resp.getStatusLine().getStatusCode();
//System.out.println("STATUS CODE " + statusCode);
if (statusCode != 204) {
logger.error("Unable to delete the service. Status code was " + statusCode);
request.getSession().setAttribute("message", "Fail to delete the service. Status " + statusCode);
//System.out.println("AAI blocked");
response.sendRedirect("./registeredServices");
return;
} else {
registeredServicesUtils.getRegisteredServiceDao().delete(Integer.parseInt(id));
request.getSession().setAttribute("success", "The service was successfully deleted.");
//System.out.println("HERE HERE");
}
} catch (SQLException sqle) {
logger.error("Unable to contact db.", sqle);
request.getSession().setAttribute("message", "Fail to delete the service. Please try again later.");
}
} else {
request.getSession().setAttribute("message", "Error selecting service to delete. Please try again.");
}
response.sendRedirect("./registeredServices");
}
private boolean reachedMaximumNumberOfServices(List<RegisteredService> registeredServices) {
return registeredServices.size() >= 5;
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
response.sendRedirect(url + "/apis");
}
}


@ -1,170 +0,0 @@
package eu.dnetlib.openaire.usermanagement;
import java.io.Serializable;
public class ServiceRequest {
String client_name;
String client_id;
String logo_uri;
String policy_uri;
String[] contacts;
String[] redirect_uris = new String[]{};
String[] grant_types = new String[] {"client_credentials"};
String token_endpoint_auth_method = "private_key_jwt";
String token_endpoint_auth_signing_alg = "RS256";
String jwks_uri;
Jwks jwks;
public String getClientName() {
return client_name;
}
public void setClientName(String clientName) {
this.client_name = clientName;
}
public String getClientId() {
return client_id;
}
public void setClientId(String clientId) {
this.client_id = clientId;
}
public String[] getRedirectUris() {
return redirect_uris;
}
public void setRedirectUris(String[] redirectUris) {
this.redirect_uris = redirectUris;
}
public String getLogoUri() {
return logo_uri;
}
public void setLogoUri(String logoUri) {
this.logo_uri = logoUri;
}
public String getPolicyUri() {
return policy_uri;
}
public void setPolicyUri(String policyUri) {
this.policy_uri = policyUri;
}
public String[] getContacts() {
return contacts;
}
public void setContacts(String[] contacts) {
this.contacts = contacts;
}
public String[] getGrantTypes() {
return grant_types;
}
public void setGrantTypes(String[] grantTypes) {
this.grant_types = grantTypes;
}
public String getToken_endpoint_auth_method() {
return token_endpoint_auth_method;
}
public void setToken_endpoint_auth_method(String token_endpoint_auth_method) {
this.token_endpoint_auth_method = token_endpoint_auth_method;
}
public String getTokenEndpointAuthSigningAlg() {
return token_endpoint_auth_signing_alg;
}
public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) {
this.token_endpoint_auth_signing_alg = tokenEndpointAuthSigningAlg;
}
public String getJwksUri() {
return jwks_uri;
}
public void setJwksUri(String jwksUri) {
this.jwks_uri = jwksUri;
}
public Jwks getJwks() {
return jwks;
}
public void setJwks(Jwks jwks) {
this.jwks = jwks;
}
}
class Jwks implements Serializable {
Key[] keys;
public Key[] getKeys() {
return keys;
}
public void setKeys(Key[] keys) {
this.keys = keys;
}
}
class Key implements Serializable {
String kty;
String e;
String kid;
String alg;
String n;
public String getKty() {
return kty;
}
public void setKty(String kty) {
this.kty = kty;
}
public String getE() {
return e;
}
public void setE(String e) {
this.e = e;
}
public String getKid() {
return kid;
}
public void setKid(String kid) {
this.kid = kid;
}
public String getAlg() {
return alg;
}
public void setAlg(String alg) {
this.alg = alg;
}
public String getN() {
return n;
}
public void setN(String n) {
this.n = n;
}
}


@ -1,93 +0,0 @@
package eu.dnetlib.openaire.usermanagement;
import java.io.Serializable;
public class ServiceResponse implements Serializable {
String client_id;
Long client_id_issued_at;
String client_secret;
Long client_secret_expires_at;
String registration_access_token;
String registration_client_uri;
String[] redirect_uris;
String client_name;
String logo_uri;
String policy_uri;
String[] contacts;
String[] grant_types;
String token_endpoint_auth_method;
String token_endpoint_auth_signing_alg;
String scope;
String jwks_uri;
Jwks jwks;
public String getClientId() {
return client_id;
}
public Long getClientIdIssuedAt() {
return client_id_issued_at;
}
public String getClientSecret() {
return client_secret;
}
public Long getClientSecretExpiresAt() {
return client_secret_expires_at;
}
public String getRegistrationAccessToken() {
return registration_access_token;
}
public String getRegistrationClientUri() {
return registration_client_uri;
}
public String[] getRedirectUris() {
return redirect_uris;
}
public String getClientName() {
return client_name;
}
public String getLogoUri() {
return logo_uri;
}
public String getPolicyUri() {
return policy_uri;
}
public String[] getContacts() {
return contacts;
}
public String[] getGrantTypes() {
return grant_types;
}
public String getTokenEndpointAuthMethod() {
return token_endpoint_auth_method;
}
public String getTokenEndpointAuthSigningAlg() {
return token_endpoint_auth_signing_alg;
}
public String getScope() {
return scope;
}
public String getJwksUri() {
return jwks_uri;
}
public Jwks getJwks() {
return jwks;
}
}


@ -1,35 +0,0 @@
package eu.dnetlib.openaire.usermanagement.utils;
import eu.dnetlib.openaire.user.pojos.RegisteredService;
import eu.dnetlib.openaire.user.registeredService.RegisteredServiceDao;
import eu.dnetlib.openaire.user.registeredService.RegisteredServiceSQL;
import org.springframework.stereotype.Component;
import java.sql.SQLException;
@Component
public class RegisteredServicesUtils {
RegisteredServiceDao registeredServiceDao = new RegisteredServiceSQL();
public RegisteredServiceDao getRegisteredServiceDao() {
return registeredServiceDao;
}
public void setRegisteredServiceDao(RegisteredServiceDao registeredServiceDao) {
this.registeredServiceDao = registeredServiceDao;
}
public void addRegistedService(RegisteredService registeredService) throws SQLException {
registeredServiceDao.insertRegisteredService(registeredService);
}
public boolean isAuthorized(String userid, int id) throws SQLException {
RegisteredService registeredService = registeredServiceDao.fetchRegisteredServiceById(id);
if (registeredService == null) {
return false; //no harm in accessing nothing
}
return registeredService.getOwner().equals(userid);
}
}


@ -1,91 +0,0 @@
package eu.dnetlib.openaire.usermanagement.utils;
import com.google.gson.Gson;
import eu.dnetlib.openaire.usermanagement.ServiceResponse;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
@Component
public class TokenUtils {
private Logger logger = Logger.getLogger(TokenUtils.class);
@Value("${oidc.issuer}")
private String issuer;
public String registerService(String serverRequestJSON)
throws IOException {
HttpPost httppost = new HttpPost( issuer + "register");
httppost.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");
StringEntity params = new StringEntity(serverRequestJSON);
httppost.setEntity(params);
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpResponse httpResponse = httpclient.execute(httppost);
//System.out.println("HTTP RESPONSE " + httpResponse.getStatusLine().getStatusCode());
if (httpResponse.getStatusLine().getStatusCode() == 201) {
//logger.debug(IOUtils.toString(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8.name()));
return IOUtils.toString(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8.name());
}
return null;
}
public HttpResponse updateService(String serviceId, String serviceSON, String registeredAccessToken) throws IOException {
HttpPut httpPut = new HttpPut(issuer + "register/"+serviceId);
httpPut.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");
httpPut.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + registeredAccessToken);
StringEntity params = new StringEntity(serviceSON.toString());
httpPut.setEntity(params);
CloseableHttpClient httpclient = HttpClients.createDefault();
return httpclient.execute(httpPut);
}
public HttpResponse deleteService(String serviceId, String registeredAccessToken) throws IOException {
//System.out.println("DELETE " + issuer + "register/"+serviceId);
HttpDelete httpDelete = new HttpDelete(issuer + "register/"+serviceId);
httpDelete.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");
httpDelete.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + registeredAccessToken);
CloseableHttpClient httpclient = HttpClients.createDefault();
return httpclient.execute(httpDelete);
}
public ServiceResponse getRegisteredService(String serviceId, String registeredAccessToken) throws IOException {
//System.out.println("ISSUER " + issuer);
HttpGet httpGet = new HttpGet(issuer + "register/"+ serviceId);
httpGet.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + registeredAccessToken);
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpResponse httpResponse = httpclient.execute(httpGet);
String registeredService = IOUtils.toString(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8.name());
//System.out.println(registeredService);
return new Gson().fromJson(registeredService,ServiceResponse.class);
}
public void viewRegisteredServices(List<String> serviceIds, String registeredAccessToken) throws IOException {
for (String serviceId: serviceIds) {
getRegisteredService(serviceId, registeredAccessToken);
}
}
}


@ -2,3 +2,4 @@ google.recaptcha.secret = 6LfYrU8UAAAAADwrbImPvDo_XcxEZvrkkgMy9yU0
google.recaptcha.key = 6LfYrU8UAAAAAFsl3m2YhP1uavdmAdFEXBkoY_vd
role-management.url = http://mpagasas.di.uoa.gr:8080/dnet-role-management
client-management.url = http://mpagasas.di.uoa.gr:5100
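Review bot: The `client-management.url` entry points at the service over plain `http://`, like the `role-management.url` line above it; it appears to be the line this hunk adds (the counts show one addition, but the +/- markers are lost in this rendering). If the application sends session cookies, tokens or user data to that endpoint, they travel unencrypted and the peer is not authenticated. Deployed configurations should use a TLS endpoint, e.g. `client-management.url = https://<client-management-host>`, with the committed value treated as a development default that is overridden per environment. Separately, the same file keeps `google.recaptcha.secret` in clear text in the repository; that line is not new here, but the value is best moved to an environment-specific secret store and rotated, since it is already in the commit history.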


@ -1,79 +0,0 @@
<%--
Created by IntelliJ IDEA.
User: sofia
Date: 19/10/2017
Time: 4:30 μμ
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<!DOCTYPE html>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html lang="en-gb" dir="ltr" vocab="http://schema.org/">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<base href=".">
<title>OpenAIRE - APIs Authentication</title>
<script src="./js/jquery.js"></script>
<script src="./js/uikit.min.js"></script>
<script src="./js/validation.js"></script>
<script src="./js/uikit-icons-max.js"></script>
<link rel="stylesheet" style="text/css" href="./css/theme.css">
<link rel="stylesheet" style="text/css" href="./css/custom.css">
<link rel="stylesheet" style="text/css" href="./css/aai-custom.css">
<link rel="icon" type="image/png" sizes="32x32" href="images/favicon/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="96x96" href="images/favicon//favicon-96x96.png">
<link rel="icon" type="image/png" sizes="16x16" href="images/favicon/favicon-16x16.png">
<link href="images/favicon/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />
</head>
<body class="" style="">
<div class="uk-offcanvas-content uk-height-viewport">
<!-- MENU STARTS HERE -->
<jsp:include page="header.jsp"/>
<!-- CONTENT STARTS HERE -->
<div class="first_page_section uk-section-default uk-section uk-padding-remove-vertical">
<div class="first_page_banner_headline uk-grid-collapse uk-flex-middle uk-margin-remove-vertical uk-grid" uk-grid="">
</div>
</div>
<div class=" uk-section uk-margin-small-top uk-container " id="tm-main">
<div class="uk-text-center">
<!-- CENTER SIDE -->
<h2 class="uk-h2 uk-margin-small-bottom">OpenAIRE APIs Authentication</h2>
<div class="uk-margin-top">
The OpenAIRE APIs can be accessed over HTTPS both by authenticated and unauthenticated requests.
To achieve <b>better rate limits</b> you need to make <b>authenticated requests</b>.
</div>
<div class="uk-container uk-container-small uk-margin-top">
<div class="uk-alert-primary uk-alert uk-margin-top-remove">
<span uk-icon="info"></span>
<span class="uk-margin-small-left">For more information please read the <a href="https://graph.openaire.eu/develop/authentication.html" target="_blank">OpenAIRE API Authentication documentation</a>.</span>
</div>
<div class="uk-grid uk-child-width-1-2@m uk-child-width-1-1" uk-grid>
<div>
<div class="uk-card uk-card-default uk-card-body">
<div class=""> <a class="uk-link uk-text-large" href="./personalToken"> Personal token</a></div>
<div>Get access to the OpenAIRE APIs with your personal access and refresh token.</div>
</div>
</div>
<div>
<div class="uk-card uk-card-default uk-card-body ">
<div class=""> <a class="uk-link uk-text-large" href="./registeredServices"> Registered Services</a></div>
<div>Register your services to get access to the OpenAIRE APIs.</div>
</div>
</div>
</div>
</div>
<!-- END OF CENTER SIDE -->
</div>
</div>
<!-- CONTENT ENDS HERE -->
<c:import url="footer.jsp"/>
</div>
</body>
</html>


@ -1,186 +0,0 @@
<!DOCTYPE html>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html lang="en-gb" dir="ltr" vocab="http://schema.org/">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>OpenAIRE - Personal token</title>
<script src="./js/jquery.js"></script>
<script src="./js/uikit.min.js"></script>
<script src="./js/uikit-icons-max.js"></script>
<script>
function copy(id) {
var element = document.getElementById(id);
if (document.body.createTextRange) {
range = document.body.createTextRange();
range.moveToElementText(element);
range.select();
} else if (window.getSelection) {
selection = window.getSelection();
range = document.createRange();
range.selectNodeContents(element);
selection.removeAllRanges();
selection.addRange(range);
}
try {
document.execCommand('copy');
UIkit.notification({message: 'Copied to clipboard!', status: 'primary', pos: 'top-right'});
} catch (err) {
console.error('unable to copy text');
}
}
$(document).ready(function () {
document.addEventListener('copy', (event) => {
const selection = document.getSelection();
event.clipboardData.setData('text/plain', selection.toString().trim());
event.preventDefault();
});
});
</script>
<link rel="stylesheet" style="text/css" href="./css/theme.css">
<link rel="stylesheet" style="text/css" href="./css/custom.css">
<link rel="stylesheet" style="text/css" href="./css/aai-custom.css">
<link rel="icon" type="image/png" sizes="32x32" href="images/favicon/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="96x96" href="images/favicon//favicon-96x96.png">
<link rel="icon" type="image/png" sizes="16x16" href="images/favicon/favicon-16x16.png">
<link href="images/favicon/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon"/>
</head>
<body class="" style="">
<div class="uk-offcanvas-content uk-height-viewport">
<jsp:include page="header.jsp"/>
<div class="first_page_section uk-section-default uk-section uk-padding-remove-vertical">
<div class="first_page_banner_headline uk-grid-collapse uk-flex-middle uk-margin-remove-vertical uk-grid"
uk-grid="">
</div>
</div>
<div class=" uk-section uk-margin-small-top uk-container uk-container-large" id="tm-main">
<div class="uk-grid ">
<div class="uk-width-1-4@m">
<div class="uk-card uk-card-default uk-card-body">
<div class="uk-h4">API Access</div>
<ul class="uk-nav uk-nav-default">
<li class="uk-active"><a href="./personalToken">Personal token</a></li>
<li class=""><a href="./registeredServices">Registered services</a></li>
<%--<li class="uk-parent">
<a href="#">Parent</a>
<ul class="uk-nav-sub">
<li><a href="#">Sub item</a></li>
<li>
<a href="#">Sub item</a>
<ul>
<li><a href="#">Sub item</a></li>
<li><a href="#">Sub item</a></li>
</ul>
</li>
</ul>
</li>--%>
</ul>
</div>
</div>
<!-- CENTER SIDE -->
<div class="uk-width-2-3@l uk-width-2-3@m">
<div>
<span id="server_error" class="uk-text-danger uk-text-small uk-float-left">${message}</span>
<c:remove var="message" scope="session"/>
<div class="uk-alert-primary uk-margin-remove-top uk-alert uk-flex uk-flex-middle">
<span uk-icon="info"></span>
<span class="uk-margin-small-left">
For further information on how to use the tokens please visit the
<a href="https://graph.openaire.eu/develop/personalToken.html" target="_blank">OpenAIRE API Authentication documentation</a>.
</span>
</div>
<form id="revoke" name="revoke" action="./personalToken" method="post">
<!-- <a class=" uk-text-danger uk-float-right" title="Revoke access token" onClick="document.revoke.submit();"><span uk-icon="refresh" ></span></a> -->
<h4 class="uk-margin-remove-top uk-text-bold uk-text-primary">Your personal access token is</h4>
<div class="uk-flex uk-flex-middle uk-margin-bottom">
<div class="uk-width-expand">
<pre class="uk-margin-remove-bottom"><code id="accessToken">${accessToken}</code></pre>
</div>
<div class="uk-width-auto uk-padding-small uk-text-center">
<a onclick="copy('accessToken')"
title="Copy access token"><span uk-icon="copy"></span>
</a>
</div>
</div>
<div class="uk-flex uk-flex-middle">
<span uk-icon="info"></span>
<span class="uk-margin-small-left">
Your access token is <span class="uk-text-bold">valid for an hour</span>.
</span>
</div>
<div class="uk-text-danger uk-flex uk-flex-middle uk-margin-small-top">
<span uk-icon="warning"></span>
<span class="uk-margin-small-left">
Do not share your personal access token. Send your personal access token only over HTTPS.
</span>
</div>
</form>
</div>
<div class="uk-section">
<!--<a class=" uk-text-danger uk-float-right" title="Revoke refresh token"><span uk-icon="refresh"></span></a>-->
<c:choose>
<c:when test="${showRefreshToken == true}">
<h4 class="uk-margin-remove-top uk-text-bold uk-text-primary">Your refresh token is</h4>
<div class="uk-flex uk-flex-middle uk-margin-bottom">
<div class="uk-width-expand">
<pre class="uk-margin-remove-bottom"><code id="refreshToken">${refreshToken}</code></pre>
</div>
<div class="uk-width-auto uk-padding-small uk-text-center">
<a onclick="copy('refreshToken')"
title="Copy refreshToken token"><span uk-icon="copy"></span>
</a>
</div>
</div>
<div class="uk-flex uk-flex-middle">
<span uk-icon="info"></span>
<span class="uk-margin-small-left">OpenAIRE refresh token <span class="uk-text-bold">expires after 1 month</span> and allows you to programmatically get a new access token.</span>
</div>
<div class="uk-text-danger uk-flex uk-flex-middle uk-margin-small-top">
<span uk-icon="warning"></span>
<div class="uk-margin-small-left">
<div>Please copy your refresh token and store it confidentially. You will not be able to retrieve it.</div>
<div>Do not share your refresh token. Send your refresh token only over HTTPS.</div>
</div>
</div>
</c:when>
<c:otherwise>
<h4 class="uk-margin-remove-top uk-text-bold uk-text-primary">Do you need a refresh token?</h4>
<div class="uk-flex uk-flex-middle">
<span uk-icon="info"></span>
<span class="uk-margin-small-left">OpenAIRE refresh token <span class="uk-text-bold">expires after 1 month</span> and allows you to programmatically get a new access token.</span>
</div>
<button type="submit" class="uk-button uk-button-primary uk-margin-medium-top" uk-toggle="target: #refreshWarning">Get a
refresh token
</button>
</c:otherwise>
</c:choose>
</div>
<!-- This is the modal -->
<div id="refreshWarning" uk-modal>
<div class="uk-modal-dialog uk-modal-body">
<form id="refreshForm" action="./personalToken" method="POST">
<h2 class="uk-modal-title">Get refresh token</h2>
<p>In case you already have a refresh token, it will no longer be valid. Do you want to
proceed?</p>
<p class="uk-text-right">
<button class="uk-button uk-button-default uk-modal-close" type="button">Cancel</button>
<button class="uk-button uk-button-primary uk-margin-small-left" type="button" onclick="submit();">Get
refresh token
</button>
</p>
</form>
</div>
</div>
</div>
<!-- END OF CENTER SIDE -->
</div>
</div>
<!-- CONTENT ENDS HERE -->
<c:import url="footer.jsp"/>
</div>
</body>
</html>


@ -1,314 +0,0 @@
<%--
Created by IntelliJ IDEA.
User: sofia
Date: 19/10/2017
Time: 4:30 μμ
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<!DOCTYPE html>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html lang="en-gb" dir="ltr" vocab="http://schema.org/">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<base href=".">
<title>OpenAIRE - Register</title>
<script src="./js/jquery.js"></script>
<script src="./js/uikit.min.js"></script>
<script src="./js/uikit-icons-max.js"></script>
<link rel="stylesheet" style="text/css" href="./css/theme.css">
<link rel="stylesheet" style="text/css" href="./css/custom.css">
<link rel="stylesheet" style="text/css" href="./css/aai-custom.css">
<link rel="icon" type="image/png" sizes="32x32" href="images/favicon/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="96x96" href="images/favicon//favicon-96x96.png">
<link rel="icon" type="image/png" sizes="16x16" href="images/favicon/favicon-16x16.png">
<link href="images/favicon/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon"/>
</head>
<body class="" style="">
<div class="uk-offcanvas-content uk-height-viewport">
<jsp:include page="header.jsp"/>
<!-- CONTENT STARTS HERE -->
<div class=" uk-section uk-margin-small-top uk-container uk-container-large" id="tm-main">
<div class="uk-grid ">
<div class="uk-width-1-4@m">
<div class="uk-card uk-card-default uk-card-body">
<div class="uk-h4">API Access</div>
<ul class="uk-nav uk-nav-default">
<li class=""><a href="./personalToken">Personal token</a></li>
<li class=""><a href="./registeredServices">Registered services</a></li>
</ul>
</div>
</div>
<!-- CENTER SIDE -->
<div class="uk-width-2-3@l uk-width-2-3@m">
<c:choose>
<c:when test="${not empty param.id}">
<h4 class="uk-margin-remove-top uk-text-bold uk-text-primary">Edit service</h4>
</c:when>
<c:otherwise>
<h4 class="uk-margin-remove-top uk-text-bold uk-text-primary">Add a new service</h4>
</c:otherwise>
</c:choose>
<!-- REGISTER FORM -->
<div id="registerForm">
<form action="registerService" method="POST" role="form" class="m-t uk-form-horizontal"
id="register_form">
<input type="hidden" name="id" value="${param.id}"/>
<c:choose>
<c:when test = "${not empty param.id}">
<input type="hidden" name="mode" value="edit"/>
</c:when>
<c:otherwise>
<input type="hidden" name="mode" value="create"/>
</c:otherwise>
</c:choose>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<div class="alert alert-success" aria-hidden="true" style="display: none;"></div>
<div class="alert alert-danger" aria-hidden="true" style="display: none;"></div>
<div class="uk-margin-medium-top">
<label class="uk-form-label uk-text-bold" for="first_name">Name*</label>
<div class="uk-margin-small">Give a name to your service</div>
<input id="first_name" name="first_name" type="text" placeholder="Name (*)"
class="uk-input ${first_name_error == true?'uk-form-danger':''}"
onkeyup="validate()" onfocusout="nameTouched = true;validate()" value="${(first_name != null)?first_name:''}">
<c:choose>
<c:when test="${first_name_error == true}">
<div id="first_name_error" class="uk-text-danger uk-text-small">Please enter a name for your service.
</div>
</c:when>
<c:otherwise>
<div id="first_name_error" style="display:none;" class="uk-text-danger uk-text-small">Please enter a name for your service.</div>
</c:otherwise>
</c:choose>
<c:remove var="first_name" scope="session"/>
<c:remove var="first_name_error" scope="session"/>
</div>
<div class="uk-margin-medium-top">
<label class="uk-form-label uk-text-bold">Security level</label>
<div id="security-hint" class="uk-margin"></div>
<div class="uk-margin-small-top">
<span class="uk-margin-small-right">
<input id="basic" class="uk-radio uk-margin-small-right" type="radio"
name="security_level"
value="basic" ${key_type == null ? 'checked' : ''}>
<label class="clickable" for="by_value">Basic</label>
</span>
<span>
<input id="advanced" class="uk-radio uk-margin-small-right" type="radio"
name="security_level" value="advanced" ${key_type != null ? 'checked' : ''}>
<label class="clickable" for="by_uri">Advanced</label>
</span>
</div>
</div>
<div id="public-key" class="uk-margin-medium-top">
<label class="uk-form-label uk-text-bold">Public Key</label>
<span class="uk-float-right">
<span class="uk-margin-small-right">
<input id="by_value" class="uk-radio uk-margin-small-right" type="radio"
name="key_type"
value="value" ${(key_type == 'value') ? 'checked' : ''}>
<label class="clickable" for="by_value">By Value</label>
</span>
<span>
<input id="by_uri" class="uk-radio uk-margin-small-right" type="radio"
name="key_type"
value="uri" ${key_type == 'uri' ? 'checked' : ''}>
<label class="clickable" for="by_uri">By URI</label>
</span>
</span>
<c:remove var="key_type" scope="session"/>
<div class="uk-margin">Public Key hint</div>
<div id="value_input">
<textarea id="value" name="value" type="textarea"
placeholder='{"kty": ..., "e": ... , "use": ... , "kid": ..., "alg": ... , "n": ...}'
onfocusout="valueTouched = true;validate()"
onkeyup="validate()"
class="uk-textarea ${value_error == true?'uk-form-danger':''}" rows="10">${(value != null)?value:''}</textarea>
<c:choose>
<c:when test="${value_error == true}">
<div id="value_error" class="uk-text-danger uk-text-small">Please provide a valid JSON. The format should be
{"kty": ..., "e": ... , "use": ... , "kid": ..., "alg": ... , "n": ...} </div>
<c:remove var="value_error" scope="session"/>
</c:when>
<c:otherwise>
<div id="value_error" style="display:none;" class="uk-text-danger uk-text-small">Please provide a valid JSON. The format should be
{"kty": ..., "e": ... , "use": ... , "kid": ..., "alg": ... , "n": ...} </div>
</c:otherwise>
</c:choose>
<c:remove var="value" scope="session"/>
</div>
<div id="uri_input" style="display:none;">
<input id="uri" name="uri" type="text" placeholder="https://" onfocusout="uriTouched = true;validate()"
onkeyup="validate()"
class="uk-input ${uri_error == true?'uk-form-danger':''}" value="${(jwksUri != null)?jwksUri:''}">
<c:choose>
<c:when test="${uri_error == true}">
<div id="uri_error" class="uk-text-danger uk-text-small">
Please provide a valid URI (do not forget the protocol! https://...)
</div>
<c:remove var="uri_error" scope="session"/>
</c:when>
<c:otherwise>
<div id="uri_error" style="display:none;" class="uk-text-danger uk-text-small">
Please provide a valid URI (do not forget the protocol! https://...)
</div>
</c:otherwise>
</c:choose>
<c:remove var="jwksUri" scope="session"/>
</div>
</div>
<div class="uk-flex uk-flex-right uk-margin-medium-top">
<a type="submit" class="uk-button uk-button-default uk-margin-small-right"
href="./registeredServices">Cancel</a>
<button id="create" type="submit" class="uk-button uk-button-primary" onclick="return validate();">
<c:choose>
<c:when test="${not empty param.id}">
Update service
</c:when>
<c:otherwise>
Add new service
</c:otherwise>
</c:choose>
</button>
</div>
</form>
</div>
<!-- END OF REGISTER FORM -->
</ul>
</div>
<!-- END OF CENTER SIDE -->
</div>
</div>
<!-- CONTENT ENDS HERE -->
<c:import url="footer.jsp"/>
</div>
</body>
</html>
<script>
var nameTouched = false;
var valueTouched = false;
var uriTouched = false;
$(document).ready(function () {
checkRadio();
if($('input[name=mode]').val() === 'edit') {
$("#basic").prop("disabled", true);
$("#advanced").prop("disabled", true);
}
if($('#value_error').is(':visible')) {
$("#value_input").get(0).scrollIntoView();
} else if($('#uri_error').is(':visible')) {
$("#uri_input").get(0).scrollIntoView();
}
$('input[type=radio][name=security_level]').change(function () {
var securityLevel = $('input[type=radio][name=security_level]:checked').val();
if(securityLevel === 'advanced') {
$("#by_value").prop("checked", true);
} else {
$("#by_value").prop("checked", false);
$("#by_uri").prop("checked", false);
}
checkRadio();
});
$('input[type=radio][name=key_type]').change(function () {
checkRadio();
});
});
function checkRadio() {
var securityLevel = $('input[type=radio][name=security_level]:checked').val();
if(securityLevel === 'basic') {
$("#security-hint").html('Register your service to get a client id and a client secret. Use the client id and secret to make your requests. <a href="https://graph.openaire.eu/develop/basic.html" target="_blank">Read more...</a>');
$("#public-key").hide();
} else {
$("#security-hint").html('Register your service to get a client id. Declare your public key and instead of using the client secret to make a request, send a client assertion (JWT) signed with your private key. <a href="https://graph.openaire.eu/develop/advanced.html" target="_blank">Read more...</a>');
var keyType = $('input[type=radio][name=key_type]:checked').val();
$("#public-key").show();
if (keyType === 'uri') {
$("#uri_input").show();
$("#value_input").hide();
} else if (keyType === 'value') {
$("#uri_input").hide();
$("#value_input").show();
}
}
validate();
}
function validate() {
var isValid = true;
var create = $('#create');
create.prop('disabled', true);
var name = $("#first_name");
if (name.val() !== undefined) {
if ($.trim(name.val()).length <= 0) {
if (nameTouched) {
name.addClass('uk-form-danger');
$("#first_name_error").show();
}
isValid = false;
} else {
if (nameTouched) {
name.removeClass('uk-form-danger');
$("#first_name_error").hide();
}
}
}
var securityLevel = $('input[type=radio][name=security_level]:checked').val();
if(securityLevel === 'advanced') {
var keyType = $('input[type=radio][name=key_type]:checked');
if (keyType.val() === 'value') {
if (!validateJSON()) {
if (valueTouched) {
$("#value").addClass('uk-form-danger');
$("#value_error").show();
}
isValid = false;
} else {
if (valueTouched) {
$("#value").removeClass('uk-form-danger');
$("#value_error").hide();
}
}
}
if (keyType.val() === 'uri') {
if (!validateURI()) {
if (uriTouched) {
$("#uri").addClass('uk-form-danger');
$("#uri_error").show();
}
isValid = false;
} else {
if (uriTouched) {
$("#uri").removeClass('uk-form-danger');
$("#uri_error").hide();
}
}
}
}
if (isValid) {
create.prop('disabled', false);
}
return isValid;
}
function validateJSON() {
var value = $("#value").val();
if (value !== undefined && value !== "") {
return /^[\],:{}\s]*$/.test(value.replace(/\\["\\\/bfnrtu]/g, '@').replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, ']').replace(/(?:^|:|,)(?:\s*\[)+/g, ''));
}
return false;
}
function validateURI() {
var value = $("#uri").val();
if (value !== undefined && value !== "") {
return /^(?:(?:(?:https):)?\/\/)(?:\S+(?::\S*)?@)?(?:(?!(?:10|127)(?:\.\d{1,3}){3})(?!(?:169\.254|192\.168)(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)(?:\.(?:[a-z\u00a1-\uffff0-9]-*)*[a-z\u00a1-\uffff0-9]+)*(?:\.(?:[a-z\u00a1-\uffff]{2,})))(?::\d{2,5})?(?:[/?#]\S*)?$/i.test(value);
}
return false;
}
</script>


@ -1,191 +0,0 @@
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<!DOCTYPE html>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html lang="en-gb" dir="ltr" vocab="http://schema.org/">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<base href=".">
<title>OpenAIRE - Registered services</title>
<script src="./js/jquery.js"></script>
<script src="./js/uikit.min.js"></script>
<script src="./js/validation.js"></script>
<script src="./js/uikit-icons-max.js"></script>
<link rel="stylesheet" style="text/css" href="./css/theme.css">
<link rel="stylesheet" style="text/css" href="./css/custom.css">
<link rel="stylesheet" style="text/css" href="./css/aai-custom.css">
<link rel="icon" type="image/png" sizes="32x32" href="images/favicon/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="96x96" href="images/favicon//favicon-96x96.png">
<link rel="icon" type="image/png" sizes="16x16" href="images/favicon/favicon-16x16.png">
<link href="images/favicon/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon"/>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
</head>
<body class="" style="" onload="success();">
<div class="uk-offcanvas-content uk-height-viewport">
<jsp:include page="header.jsp"/>
<!-- CONTENT STARTS HERE -->
<div class=" uk-section uk-margin-small-top uk-container uk-container-large" id="tm-main">
<div class="uk-grid ">
<div class="uk-width-1-4@m">
<div class="uk-card uk-card-default uk-card-body">
<div class="uk-h4">API Access</div>
<ul class="uk-nav uk-nav-default">
<li class=""><a href="./personalToken">Personal token</a></li>
<li class="uk-active"><a href="./registeredServices">Registered services</a></li>
</ul>
</div>
</div>
<!-- CENTER SIDE -->
<div class="uk-width-2-3@l uk-width-2-3@m">
<div class="uk-grid" uk-grid>
<div class="uk-width-expand@m">
<h4 class="uk-margin-remove-top uk-text-bold uk-text-primary">Registered services</h4>
<c:if test="${message != null}">
<div class="uk-text-danger uk-margin-small-bottom">${message}</div>
<c:remove var="message" scope="session"/>
</c:if>
</div>
<div class="uk-text-center uk-width-auto@m">
<c:choose>
<c:when test="${not reachedLimit}">
<a class="uk-button uk-button-primary" href="./registerService">
<span class="uk-icon" uk-icon="icon:plus-circle"></span>
<span class="uk-margin-small-left">New service</span>
</a>
</c:when>
<c:otherwise>
<button class="uk-button uk-button-default" disabled>
<span class="uk-icon" uk-icon="icon:plus-circle"></span>
<span class="uk-margin-small-left">New service</span>
</button>
</c:otherwise>
</c:choose>
<c:remove var="reachedLimit" scope="session"/>
</div>
</div>
<div class="uk-margin-top">
<div class="uk-alert-primary uk-alert uk-margin-top-remove uk-flex uk-flex-middle">
<span uk-icon="info"></span>
<span class="uk-margin-small-left">You can register up to 5 services.
For more information please read the <a href="https://graph.openaire.eu/develop/authentication.html" target="_blank">OpenAIRE API Authentication documentation</a>.</span>
</div>
<c:if test="${reachedLimit}">
<div class="uk-alert-warning uk-flex uk-flex-middle uk-margin-small-top">
<span uk-icon="warning"></span>
<span class="uk-margin-small-left">You have reached the maximum size of allowed registered services.</span>
</div>
</c:if>
<c:if test="${empty registeredServices && showEmptyList}">
<div class="uk-text-center">You have not registered any service yet!</div>
</c:if>
<c:if test="${registeredServices.size() > 0}">
<ul class="uk-list uk-list-divider">
<li>
<div class="uk-grid uk-child-width-1-4 uk-text-muted" uk-grid>
<div>Name</div>
<div>Client Id</div>
<div>Creation Date</div>
<div>Actions</div>
</div>
</li>
<c:forEach items="${registeredServices}" var="registeredService" varStatus="loop">
<c:set var="key" value="${registeredService.id}"/>
<li>
<div class="uk-grid uk-child-width-1-4" uk-grid>
<div>
<a uk-toggle="target: #details${registeredService.id}; animation: uk-animation-fade">
<span>${registeredService.name}</span>
<span class="space" uk-icon="icon:info;ratio:0.7"></span>
</a>
</div>
<div>
<span>${registeredService.clientId}</span>
</div>
<div><fmt:formatDate value="${registeredService.date}"
pattern="dd-MM-yyyy HH:mm"/>
</div>
<div>
<a href="./registerService?id=${registeredService.id}" class="uk-margin-small-right">
<span uk-icon="pencil"></span>
</a>
<a class="uk-text-danger" uk-icon="trash" uk-toggle="target: #modal${registeredService.id}"></a>
<!-- This is the modal -->
<div id="modal${registeredService.id}" uk-modal>
<div class="uk-modal-dialog uk-modal-body">
<form name="delete${registeredService.id}"
id="delete${registeredService.id}" method="post">
<input type="hidden" name="id"
value="${registeredService.id}"/>
<h2 class="uk-margin-remove-top">Delete service</h2>
<div class="uk-margin-medium-bottom">
Are you sure you want to delete the
'${registeredService.name}' service? You cannot undo
this action!
</div>
<div class="uk-text-right">
<button class="uk-button uk-button-default uk-modal-close" type="button">Cancel
</button>
<button class="uk-button uk-button-danger uk-margin-small-left" type="button"
onclick="document.delete${registeredService.id}.submit();document.getElementById('modal${registeredService.id}').style.visibility='hidden';">
Delete
</button>
</div>
</form>
</div>
</div>
</div>
</div>
</li>
<li id="details${registeredService.id}" hidden="hidden">
<div class="uk-alert">
<p><span class="uk-text-primary">Name:</span> ${services[key].clientName}</p>
<p><span class="uk-text-primary">Client Id:</span> ${services[key].clientId}</p>
<p><span class="uk-text-primary">Scope:</span> openid</p>
<p><span class="uk-text-primary">Grant type:</span> client credentials</p>
<c:choose>
<c:when test="${registeredService.keyType == null}">
<p><span class="uk-text-primary">Client secret:</span> ${services[key].clientSecret}</p>
<p><span class="uk-text-primary">Authentication Method</span> Client Secret Basic</p>
</c:when>
<c:otherwise>
<p><span class="uk-text-primary">Authentication Method</span> Asymmetrically-signed JWT assertion</p>
<p><span class="uk-text-primary">Token Endpoint Authentication Signing Algorithm</span> RSASSA using
SHA-256 hash algorithm</p>
<p><span class="uk-text-primary">Public Key</span>
<pre><code>${keys[key]}</code></pre>
</p>
</c:otherwise>
</c:choose>
<p><span class="uk-text-primary">Creation Date:</span>
<jsp:useBean id="date" class="java.util.Date"/>
<jsp:setProperty name="date" property="time" value="${services[key].clientIdIssuedAt*1000}"/>
<fmt:formatDate value="${date}"
pattern="dd-MM-yyyy HH:mm"/>
</p>
</div>
</li>
</c:forEach>
</ul>
</c:if>
</div>
<!-- END OF CENTER SIDE -->
</div>
</div>
</div>
<!-- CONTENT ENDS HERE -->
<c:import url="footer.jsp"/>
</body>
</html>
<script>
function success() {
if('${success}' !=='')
UIkit.modal.alert('${success}');
}
</script>
<c:remove var="success" scope="session"/>