merging edit and create registered service

Katerina Iatropoulou 2020-10-29 09:52:22 +00:00
parent d2bacd8e98
commit 9ba8cb3d7d
9 changed files with 142 additions and 156 deletions


@ -1,124 +0,0 @@
package eu.dnetlib.openaire.usermanagement;
import eu.dnetlib.openaire.user.pojos.RegisteredService;
import eu.dnetlib.openaire.usermanagement.utils.RegisteredServicesUtils;
import eu.dnetlib.openaire.usermanagement.utils.TokenUtils;
import org.apache.http.HttpResponse;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.SQLException;
public class EditRegisteredService extends HttpServlet {
@Autowired
private RegisteredServicesUtils registeredServicesUtils;
private static final Logger logger = Logger.getLogger(EditRegisteredService.class);
public void init(ServletConfig config) throws ServletException {
super.init(config);
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this,
config.getServletContext());
}
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.getSession().setAttribute("authenticated",
!SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()
.equals("anonymousUser"));
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.
getContext().getAuthentication();
String accessToken = authentication.getAccessTokenValue();
String serviceId = request.getParameter("id");
int serviceIdInt = Integer.parseInt(serviceId);
try {
if (!registeredServicesUtils.isAuthorized(authentication.getSub(), serviceIdInt)) {
request.getSession().setAttribute("message", "You have no permission to edit the service.");
response.sendRedirect("./registeredServices");
}
} catch (SQLException sqle) {
logger.error("Unable to access service with id " + serviceId, sqle);
request.getSession().setAttribute("message", "There was an error accessing your service.");
response.sendRedirect("./registeredServices");
} catch (NumberFormatException nfe) {
logger.error("Unable to access service with id " + serviceId, nfe);
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
response.sendRedirect("./registeredServices");
}
if (serviceId == null || serviceId.isEmpty()) { //TODO WRONG MESSAGE
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
}
RegisteredService registeredService = null;
try {
registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(Integer.parseInt(serviceId));
} catch (SQLException sqle) {
logger.error("Unable to access service with id " + serviceId, sqle);
request.getSession().setAttribute("message", "There was an error accessing your service.");
response.sendRedirect("./registeredServices");
}
if (registeredService != null && registeredService.getAai_id() != null) {
ServiceResponse serviceResponse = TokenUtils.getRegisteredService(registeredService.getAai_id(), accessToken);
request.getSession().setAttribute("serviceId", serviceResponse.getId());
System.out.println("service client name " + serviceResponse.getClientName());
request.getSession().setAttribute("first_name", serviceResponse.getClientName());
System.out.println("service client description " + serviceResponse.getClientDescription());
request.getSession().setAttribute("description", serviceResponse.getClientDescription());
} else {
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
}
response.setContentType("text/html");
request.getRequestDispatcher("./editRegisteredService.jsp").include(request, response);
}
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
String accessToken = authentication.getAccessTokenValue();
String serviceId = request.getParameter("serviceId");
String name = request.getParameter("first_name");
String description = request.getParameter("description");
HttpResponse resp = TokenUtils.updateService(serviceId, authentication.getSub(), name, description, authentication.getUserInfo().getEmail(), accessToken);
if (resp.getStatusLine().getStatusCode()==200) {
RegisteredService registeredService = new RegisteredService();
registeredService.setName(name);
registeredService.setAai_id(serviceId);
try {
registeredServicesUtils.getRegisteredServiceDao().update(registeredService);
} catch (SQLException sqle) {
logger.error("Unable to contact db.", sqle);
request.getSession().setAttribute("message", "Fail to delete the service. Please try again later.");
response.setContentType("text/html");
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
}
request.getSession().setAttribute("success", "Your service with name '" + name + "' was successfully updated");
}
response.sendRedirect("./registeredServices");
}
}


@ -26,7 +26,6 @@ import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
public class PersonalTokenServlet extends HttpServlet {
@Value("${oidc.secret}")


@ -35,22 +35,101 @@ public class RegisterServiceServlet extends HttpServlet {
@Autowired
private RegisteredServicesUtils registeredServicesUtils;
@Autowired
private TokenUtils tokenUtils;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.
getContext().getAuthentication();
String userid = authentication.getSub();
//Careful! Redirects in method
checkNumberOfRegisteredServices(request, response, authentication);
response.setContentType("text/html");
StringBuilder name = new StringBuilder().append(authentication.getUserInfo().getGivenName().charAt(0));
name.append(authentication.getUserInfo().getFamilyName().charAt(0));
request.getSession().setAttribute("name", name.toString());
String idParam = request.getParameter("id");
String serviceName = (String) request.getSession().getAttribute("first_name");
String description = (String) request.getSession().getAttribute("description");
String keyType = (String) request.getSession().getAttribute("key_radio");
String jwksUri = (String) request.getSession().getAttribute("uri");
String jwksString = (String) request.getSession().getAttribute("value");
if (idParam != null && !idParam.isEmpty()) { // EDIT CASE
System.out.println("In edit");
try {
int id = Integer.parseInt(idParam);
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(id);
if (registeredService != null && registeredServicesUtils.isAuthorized(userid, id)) {
ServiceResponse serviceResponse = tokenUtils.getRegisteredService(registeredService.getAai_id(), authentication.getAccessTokenValue());
updateFormFields(request, serviceName, description, keyType, serviceResponse);
} else {
if (registeredService == null) {
System.out.println("No service found!");
request.getSession().setAttribute("message", "Not valid registered service with given id " + id + ".");
response.sendRedirect("./registeredServices");
logger.warn("Not valid registered service with " + id + "id.");
} else {
System.out.println("Not authorized");
request.getSession().setAttribute("message", "Not authorized to edit the registered service with " + id + "id.");
response.sendRedirect("./registeredServices");
logger.warn("Not authorized to edit the service with " + id + "id.");
}
}
} catch(NumberFormatException nfe){
System.out.println("WRONG FORMAT");
request.getSession().setAttribute("message", "Invalid service id.");
response.sendRedirect("./registeredServices");
logger.error("Invalid service id.", nfe);
} catch(SQLException sqle){
System.out.println("SQL PROBLEM");
request.getSession().setAttribute("message", "Could not fetch registered service.");
response.sendRedirect("./registeredServices");
logger.error("Could not fetch registered service.", sqle);
}
} else {// NEW SERVICE CASE
//Careful! Redirects in method
checkNumberOfRegisteredServices(request, response, authentication);
}
response.setContentType("text/html");
request.getRequestDispatcher("./registerService.jsp").include(request, response);
}
private void updateFormFields(HttpServletRequest request, String serviceName, String description, String keyType, ServiceResponse serviceResponse) {
String jwksUri;
if (serviceName ==null || serviceName.trim().isEmpty()) {
request.getSession().setAttribute("first_name", serviceResponse.getClientName());
}
if (description == null || description.trim().isEmpty()) {
request.getSession().setAttribute("description", serviceResponse.getClientDescription());
}
if (keyType == null || keyType.trim().isEmpty()) {
if (serviceResponse.getJwksUri()!=null){
keyType = "uri";
jwksUri = serviceResponse.getJwksUri();
} else {
keyType = "value";
Key key = serviceResponse.getJwks().keys[0];
Gson gson = new GsonBuilder().setPrettyPrinting().create();
request.getSession().setAttribute("value", gson.toJson(key));
}
}
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
@ -111,7 +190,7 @@ public class RegisterServiceServlet extends HttpServlet {
serverRequestJSON = createServiceJson(name, description, email, jwks);
}
serverMessage = TokenUtils.registerService(serverRequestJSON, accessToken);
serverMessage = tokenUtils.registerService(serverRequestJSON, accessToken);
if (serverMessage == null) {
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
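Review bot: None of the `response.sendRedirect("./registeredServices")` calls in the edit branch of doGet is followed by a `return`, so after a not-found, not-authorized, NumberFormatException or SQLException outcome control still reaches `request.getRequestDispatcher("./registerService.jsp").include(request, response)` on a response that has already been redirected. Add `return;` after each redirect (after the `logger` call that follows it), and have `checkNumberOfRegisteredServices` report whether it redirected so the caller can stop too; the "Careful! Redirects in method" comment suggests the same fall-through there, though that method is outside the hunk. In `updateFormFields`, `keyType` and `jwksUri` are assigned only to locals and never stored in the session, and `serviceResponse.getJwks().keys[0]` is dereferenced without a null or length check. The edit path also leaves several `System.out.println` traces that should go through `logger` or be dropped. doPost continues outside the hunk, so whether the update path repeats the `isAuthorized` check cannot be confirmed from here.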


@ -30,6 +30,9 @@ public class RegisteredServicesServlet extends HttpServlet {
@Autowired
private RegisteredServicesUtils registeredServicesUtils;
@Autowired
private TokenUtils tokenUtils;
public void init(ServletConfig config) throws ServletException {
super.init(config);
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this,
@ -67,7 +70,7 @@ public class RegisteredServicesServlet extends HttpServlet {
Map<String, String> serviceKey = new HashMap<>();
for (RegisteredService registeredService:registeredServices) {
ServiceResponse serviceResponse = TokenUtils.getRegisteredService(registeredService.getAai_id(),authentication.getAccessTokenValue());
ServiceResponse serviceResponse = tokenUtils.getRegisteredService(registeredService.getAai_id(),authentication.getAccessTokenValue());
serviceResponses.put(registeredService.getId(), serviceResponse);
serviceKey.put(registeredService.getId(), extractPublicKeySet(serviceResponse));
}
@ -121,7 +124,7 @@ public class RegisteredServicesServlet extends HttpServlet {
}
String aai_id = registeredService.getAai_id();
HttpResponse resp = TokenUtils.deleteService(aai_id, authentication.getAccessTokenValue());
HttpResponse resp = tokenUtils.deleteService(aai_id, authentication.getAccessTokenValue());
int statusCode = resp.getStatusLine().getStatusCode();
System.out.println("STATUS CODE " + statusCode);


@ -1,13 +1,41 @@
package eu.dnetlib.openaire.usermanagement.utils;
import com.google.gson.JsonParser;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class AuthenticationUtils {
public static boolean isAuthenticated(OIDCAuthenticationToken authenticationToken) {
if (authenticationToken != null) {
return true;
}
return false;
}
public static boolean hasJWTExpired(String accessToken){
String regex = "^([A-Za-z0-9-_=]+)\\.([A-Za-z0-9-_=]+)\\.?([A-Za-z0-9-_.+=]*)$";
Matcher matcher = Pattern.compile(regex).matcher(accessToken);
long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();
return (exp - (new Date().getTime()/1000)<=0);
}
}
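Review bot: `hasJWTExpired` calls `matcher.group(2)` without first calling `matcher.matches()`, so it throws IllegalStateException on every input; guard it with `if (!matcher.matches()) return true;` before the decode. JWT segments are base64url-encoded, which `Base64.getDecoder()` rejects whenever `-` or `_` occurs, so the payload should be decoded with `Base64.getUrlDecoder()` and converted with `new String(bytes, StandardCharsets.UTF_8)` (the charset class is already imported). A token without an `exp` claim would hit a NullPointerException on `.get("exp").getAsLong()`. The method reads the payload without verifying the signature, so a Javadoc line should state that its result is only a freshness hint for tokens validated elsewhere, not an authentication decision.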


@ -13,20 +13,25 @@ import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
@Component
public class TokenUtils {
private Logger logger = Logger.getLogger(TokenUtils.class);
public static String registerService(String serverRequestJSON, String accessToken)
@Value("${oidc.issuer}")
private String issuer;
public String registerService(String serverRequestJSON, String accessToken)
throws IOException {
//TODO fix this
HttpPost httppost = new HttpPost("https://openaire-dev.aai-dev.grnet.gr/oidc/api/clients");
HttpPost httppost = new HttpPost( issuer + "/api/clients");
httppost.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");
httppost.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken);
StringEntity params = new StringEntity(serverRequestJSON.toString());
@ -43,14 +48,14 @@ public class TokenUtils {
return null;
}
public static HttpResponse updateService(String serviceId, String userId, String name, String description, String email, String accessToken) throws IOException {
public HttpResponse updateService(String serviceId, String userId, String name, String description, String email, String accessToken) throws IOException {
System.out.println("Updated name " + name);
System.out.println("Updated description " + description);
//TODO FIX THIS!!!
//String json = createServiceJson(name, description);
String json ="";
HttpPut httpPut = new HttpPut("https://openaire-dev.aai-dev.grnet.gr/oidc/api/clients/"+serviceId);
HttpPut httpPut = new HttpPut(issuer + "/api/clients/"+serviceId);
httpPut.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");
httpPut.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken);
StringEntity params = new StringEntity(json.toString());
@ -60,10 +65,10 @@ public class TokenUtils {
return httpclient.execute(httpPut);
}
public static HttpResponse deleteService(String serviceId, String accessToken) throws IOException {
public HttpResponse deleteService(String serviceId, String accessToken) throws IOException {
System.out.println("DELETE " + "https://openaire-dev.aai-dev.grnet.gr/oidc/api/clients/"+serviceId);
HttpDelete httpDelete = new HttpDelete("https://openaire-dev.aai-dev.grnet.gr/oidc/api/clients/"+serviceId);
System.out.println("DELETE " + issuer + "/api/clients/"+serviceId);
HttpDelete httpDelete = new HttpDelete(issuer + "/api/clients/"+serviceId);
httpDelete.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");
httpDelete.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken);
@ -71,8 +76,9 @@ public class TokenUtils {
return httpclient.execute(httpDelete);
}
public static ServiceResponse getRegisteredService(String serviceId, String accessToken) throws IOException {
HttpGet httpGet = new HttpGet("https://openaire-dev.aai-dev.grnet.gr/oidc/api/clients/"+serviceId);
public ServiceResponse getRegisteredService(String serviceId, String accessToken) throws IOException {
System.out.println("ISSUER " + issuer);
HttpGet httpGet = new HttpGet(issuer + "/api/clients/"+ serviceId);
httpGet.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken);
CloseableHttpClient httpclient = HttpClients.createDefault();
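Review bot: `serviceId` is concatenated into the request path as-is in `updateService`, `deleteService` and `getRegisteredService` (`issuer + "/api/clients/" + serviceId`), and the user's bearer token is attached to whatever URL results. The get and delete callers visible on this page pass a stored `aai_id`, but nothing in these methods enforces that, so validate the id against the expected client-id format or path-encode it before building the URL. `issuer` comes from `${oidc.issuer}`; if that property ends with `/` the paths become `//api/clients`, so normalise it once. The `System.out.println` lines that print the issuer and the DELETE URL should go through `logger` instead. All four method bodies continue outside their hunks, so whether `httpclient` is closed cannot be seen here.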


@ -190,18 +190,6 @@
<url-pattern>/registeredServices</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>EditRegisteredServicesServlet</servlet-name>
<display-name>Activate</display-name>
<servlet-class>eu.dnetlib.openaire.usermanagement.EditRegisteredService</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>EditRegisteredServicesServlet</servlet-name>
<url-pattern>/editRegisteredService</url-pattern>
</servlet-mapping>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>


@ -45,6 +45,9 @@
<div class="uk-width-2-3@l uk-width-2-3@m">
<h4 class="uk-margin-remove-top uk-text-bold uk-text-primary">Add a new service</h4>
<!-- REGISTER FORM -->
PPPPPPPPP
${registeredService}
<div id="registerForm">
<form action="registerService" method="POST" role="form" class="m-t uk-form-horizontal"
id="register_form">
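Review bot: The lines `PPPPPPPPP` and `${registeredService}` above `<div id="registerForm">` appear to be debugging leftovers added by this change and would be rendered to every visitor of the form. `${registeredService}` in template text is written without HTML escaping, so whatever that object's string form contains, possibly including a user-chosen service name, would reach the page verbatim. Remove both lines; if a value really is needed for display, output a single field through `<c:out value="${registeredService.name}"/>`, provided the JSTL core taglib is declared in this file.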


@ -45,6 +45,10 @@
<div class="uk-text-success uk-margin-small-bottom">${success}</div>
<c:remove var="success" scope="session"/>
</c:if>
<c:if test="${message != null}">
<div class="uk-text-danger uk-margin-small-bottom">${message}</div>
<c:remove var="message" scope="session"/>
</c:if>
<div class="uk-alert-primary uk-flex uk-flex-middle">
<span uk-icon="info"></span>
<span class="uk-margin-small-left">You can register up to 5 services.</span>
@ -101,7 +105,7 @@
pattern="dd-MM-yyyy HH:mm"/>
</div>
<div>
<a href="./editRegisteredService?id=${registeredService.id}" class="uk-margin-small-right">
<a href="./registerService?id=${registeredService.id}" class="uk-margin-small-right">
<span uk-icon="pencil"></span>
</a>
<a class="uk-text-danger" uk-icon="trash" uk-toggle="target: #modal${registeredService.id}"></a>
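Review bot: The added `<div class="uk-text-danger uk-margin-small-bottom">${message}</div>` prints the session attribute without HTML escaping. The messages set by the servlet code visible in this commit are built from constants and parsed integers, so this is hardening rather than a live hole, but any later message that includes request data would be injected into the page. Since the file already uses the `c:` tags, write it as `<c:out value="${message}"/>`, and consider doing the same for `${success}` just above.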