MaDgIK
/
dnet-openaire-users
13
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove login-core and add authorization configuration.

This commit is contained in:
Konstantinos Triantafyllou 2023-07-11 13:46:02 +03:00
parent 78f21ccbd3
commit c26a097eec
8 changed files with 169 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
pom.xml
View File

@ -21,11 +21,6 @@
<artifactId>uoa-user-management</artifactId>
<version>[2.0.0-SNAPSHOT, 3.0.0)</version>
</dependency>
<dependency>
<groupId>eu.dnetlib</groupId>
<artifactId>uoa-login-core</artifactId>
<version>1.0.3</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
@ -56,6 +51,7 @@
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
</dependency>
<!-- About spring security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
@ -71,6 +67,34 @@
<artifactId>spring-security-web</artifactId>
<version>4.2.1.RELEASE</version>
</dependency>
<!-- About redis -->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
<version>1.3.1.RELEASE</version>
<type>pom</type>
</dependency>
<dependency>
<groupId>biz.paluch.redis</groupId>
<artifactId>lettuce</artifactId>
<version>3.5.0.Final</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
</dependency>
<dependency>
<groupId>org.mitre</groupId>
<artifactId>openid-connect-client</artifactId>
<version>1.3.0</version>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>

2
src/main/java/eu/dnetlib/openaire/usermanagement/api/Test3Service.java
View File

@ -7,9 +7,9 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import eu.dnetlib.openaire.user.dao.SQLMigrationUserDAO;
import eu.dnetlib.openaire.user.ldap.MUserActionsLDAP;
import eu.dnetlib.openaire.user.login.utils.AuthoritiesMapper;
import eu.dnetlib.openaire.user.pojos.migration.LDAPUser;
import eu.dnetlib.openaire.user.store.DataSourceConnector;
import eu.dnetlib.openaire.usermanagement.authorization.AuthoritiesMapper;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;

41
src/main/java/eu/dnetlib/openaire/usermanagement/authorization/AuthoritiesMapper.java Normal file
View File

@ -0,0 +1,41 @@
package eu.dnetlib.openaire.usermanagement.authorization;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import org.apache.log4j.Logger;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import java.util.Collection;
import java.util.HashSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class AuthoritiesMapper {
private static final Logger logger = Logger.getLogger(AuthoritiesMapper.class);
public static Collection<? extends GrantedAuthority> map(JsonArray entitlements) {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>();
String regex = "urn:geant:openaire[.]eu:group:([^:]*):?(.*)?:role=member#aai[.]openaire[.]eu";
for(JsonElement obj: entitlements) {
Matcher matcher = Pattern.compile(regex).matcher(obj.getAsString());
if (matcher.find()) {
StringBuilder sb = new StringBuilder();
if(matcher.group(1) != null && matcher.group(1).length() > 0) {
sb.append(matcher.group(1).replace("+-+", "_").replaceAll("[+.]", "_").toUpperCase());
}
if(matcher.group(2).length() > 0) {
sb.append("_");
if(matcher.group(2).equals("admins")) {
sb.append("MANAGER");
} else {
sb.append(matcher.group(2).toUpperCase());
}
}
authorities.add(new SimpleGrantedAuthority(sb.toString()));
}
}
return authorities;
}
}

49
src/main/java/eu/dnetlib/openaire/usermanagement/authorization/Config.java Normal file
View File

@ -0,0 +1,49 @@
package eu.dnetlib.openaire.usermanagement.authorization;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;
@Configuration
@EnableRedisHttpSession
public class Config {
private static Logger logger = Logger.getLogger(Config.class);
@Value("${redis.host:localhost}")
private String host;
@Value("${redis.port:6379}")
private String port;
@Value("${redis.password:#{null}}")
private String password;
@Value("${webbapp.front.domain:.openaire.eu}")
private String domain;
@Bean
public LettuceConnectionFactory connectionFactory() {
logger.info(String.format("Redis connection listens to %s:%s ",host,port));
LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));
if(password != null) factory.setPassword(password);
return factory;
}
@Bean
public CookieSerializer cookieSerializer() {
logger.info("Cookie Serializer: Domain is "+domain);
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setCookieName("openAIRESession"); // <1>
serializer.setCookiePath("/"); // <2>
// serializer.setDomainNamePattern(""); //with value "" set's the domain of the service e.g scoobydoo.di.uoa.gr
serializer.setDomainName(domain);
return serializer;
}
}

19
src/main/java/eu/dnetlib/openaire/usermanagement/authorization/EntryPoint.java Normal file
View File

@ -0,0 +1,19 @@
package eu.dnetlib.openaire.usermanagement.authorization;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class EntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
}

9
src/main/resources/eu/dnet/openaire/usermanagement/springContext-dnetOpenaireUsersService.properties
View File

@ -3,3 +3,12 @@ google.recaptcha.key = 6LfYrU8UAAAAAFsl3m2YhP1uavdmAdFEXBkoY_vd
role-management.url = http://mpagasas.di.uoa.gr:8080/dnet-role-management
client-management.url = http://mpagasas.di.uoa.gr:5100
# Redis
redis.host = 127.0.0.1
#redis.port = 6379
#redis.password
webbapp.front = http://mpagasas.di.uoa.gr:4200/reload
webbapp.front.path = /
webbapp.front.domain = .di.uoa.gr

8
src/main/webapp/WEB-INF/applicationContext.xml
View File

@ -9,9 +9,7 @@
http://www.springframework.org/schema/context/spring-context-4.2.xsd">
<import resource="classpath*:/eu/dnetlib/openaire/user/springContext-userManagementService.xml" />
<import resource="classpath*:/eu/dnetlib/openaire/user/login/springContext-userLoginCore.xml" />
<import resource="classpath*:/eu/dnetlib/openaire/user/springContext-userManagementService.xml"/>
<context:component-scan base-package="eu.dnetlib.openaire.usermanagement.*"/>
<context:annotation-config />
@ -33,12 +31,10 @@
<value>classpath*:/eu/**/applicationContext*.properties</value>
<value>classpath*:/eu/dnetlib/applicationContext-defaultProperties.properties</value>
<value>classpath*:/eu/**/springContext-userManagementService.properties</value>
<value>classpath*:/eu/**/springContext-userLoginCore.properties</value>
<value>classpath*:/eu/**/springContext-dnetOpenaireUsersService.properties</value>
<value>classpath*:/uoa-override.properties</value>
<value>classpath*:/dnet-override.properties</value>
</list>
</property>
</bean>
</beans>
</beans>

23
src/main/webapp/WEB-INF/springContext-dnetOpenaireUsersService.xml
View File

@ -2,12 +2,27 @@
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd"
default-autowire="byType">
<context:component-scan base-package="eu.dnetlib.openaire.user.api.services" />
<context:component-scan base-package="eu.dnetlib.openaire.user"/>
<context:annotation-config></context:annotation-config>
</beans>
<bean id="entryPoint" class="eu.dnetlib.openaire.usermanagement.authorization.EntryPoint"/>
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
</security:authentication-manager>
<security:global-method-security pre-post-annotations="enabled" secured-annotations="enabled" authentication-manager-ref="authenticationManager" />
<security:http auto-config="true" use-expressions="true">
<security:csrf disabled="true"/>
<security:http-basic entry-point-ref="entryPoint"/>
<!-- Permit all requests -->
<security:intercept-url pattern="/**" access="permitAll" />
</security:http>
<context:annotation-config/>
</beans>