Changed getAccessTokenFromRefreshToken to expect the refresh token as parameter. Added service registration pages and methods.

This commit is contained in:
Katerina Iatropoulou 2020-09-30 14:42:10 +00:00
parent 3b64766253
commit f33a5b3e2d
8 changed files with 651 additions and 16 deletions

View File

@ -19,14 +19,10 @@ public class PersonalTokenServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter printWriter = response.getWriter();
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
System.out.println(authentication);
request.getSession().setAttribute("accessToken", authentication.getAccessTokenValue());
request.getSession().setAttribute("refreshToken", authentication.getRefreshTokenValue());
System.out.println("LALALLALLALALALA" + authentication.getAccessTokenValue());
request.getRequestDispatcher("./personal.jsp").include(request, response);
}

View File

@ -0,0 +1,79 @@
package eu.dnetlib.openaire.usermanagement;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
public class RegisterServiceServlet extends HttpServlet {
@Value("${oidc.issuer}")
private String issuer;
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
request.getRequestDispatcher("./registerService.jsp").include(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
String name = request.getParameter("first_name").trim();
String description = request.getParameter("description").trim();
if ( name!= null && !name.isEmpty()){
ServiceRequest serviceJSON = new ServiceRequest();
serviceJSON.setClientName(name);
serviceJSON.setClientDescription(description);
GsonBuilder builder = new GsonBuilder();
builder.serializeNulls();
Gson gson = builder.create();
String json = gson.toJson(serviceJSON);
System.out.println(json);
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
CloseableHttpClient httpclient = HttpClients.createDefault();
//TODO fix this
HttpPost httppost = new HttpPost("https://openaire-dev.aai-dev.grnet.gr/oidc/api/clients");
httppost.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");
httppost.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + authentication.getAccessTokenValue());
StringEntity params = new StringEntity(json.toString());
httppost.setEntity(params);
HttpResponse httpResponse = null;
httpResponse = httpclient.execute(httppost);
String serverMessage = IOUtils.toString(httpResponse.getEntity().getContent(), StandardCharsets.UTF_8.name());
ServiceResponse serviceResponse = new Gson().fromJson(serverMessage, ServiceResponse.class);
System.out.println("The created id is " + serviceResponse.getId());
}
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
request.getSession().setAttribute("accessToken", authentication.getAccessTokenValue());
request.getSession().setAttribute("refreshToken", authentication.getRefreshTokenValue());
request.getRequestDispatcher("./serviceTokens.jsp").include(request, response);
}
}

View File

@ -0,0 +1,164 @@
package eu.dnetlib.openaire.usermanagement;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
public class ServiceRequest {
String clientName;
String clientId;
String[] redirectUris = new String[]{};
String clientDescription;
String logoUri;
String policyUri;
String[] contacts;
String[] scope = new String[]{"orcid", "openid", "email", "eduperson_entitlement", "profile", "offline_access"};
String[] grantTypes = new String[] {"client_credentials"};
boolean allowIntrospection = true;
String tokenEndpointAuthMethod = "PRIVATE KEY";
String tokenEndpointAuthSigningAlg = "RS256";
String jwksType = "VAL";
String jwksUri;
Jwks jwks = new Jwks();
boolean allowRefresh = false;
boolean reuseRefreshToken = true;
boolean clearAccessTokensOnRefresh = true;
public String getClientName() {
return clientName;
}
public void setClientName(String clientName) {
this.clientName = clientName;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String[] getRedirectUris() {
return redirectUris;
}
public void setRedirectUris(String[] redirectUris) {
this.redirectUris = redirectUris;
}
public String getClientDescription() {
return clientDescription;
}
public void setClientDescription(String clientDescription) {
this.clientDescription = clientDescription;
}
public String getLogoUri() {
return logoUri;
}
public void setLogoUri(String logoUri) {
this.logoUri = logoUri;
}
public String getPolicyUri() {
return policyUri;
}
public void setPolicyUri(String policyUri) {
this.policyUri = policyUri;
}
public String[] getContacts() {
return contacts;
}
public void setContacts(String[] contacts) {
this.contacts = contacts;
}
public String[] getScope() {
return scope;
}
public void setScope(String[] scope) {
this.scope = scope;
}
public String[] getGrantTypes() {
return grantTypes;
}
public void setGrantTypes(String[] grantTypes) {
this.grantTypes = grantTypes;
}
public boolean isAllowIntrospection() {
return allowIntrospection;
}
public void setAllowIntrospection(boolean allowIntrospection) {
this.allowIntrospection = allowIntrospection;
}
public String getTokenEndpointAuthMethod() {
return tokenEndpointAuthMethod;
}
public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) {
this.tokenEndpointAuthMethod = tokenEndpointAuthMethod;
}
public String getTokenEndpointAuthSigningAlg() {
return tokenEndpointAuthSigningAlg;
}
public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) {
this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg;
}
public String getJwksType() {
return jwksType;
}
public void setJwksType(String jwksType) {
this.jwksType = jwksType;
}
public String getJwksUri() {
return jwksUri;
}
public void setJwksUri(String jwksUri) {
this.jwksUri = jwksUri;
}
public static void main(String[] args) {
GsonBuilder builder = new GsonBuilder();
builder.serializeNulls();
Gson gson = builder.create();
String json = gson.toJson(new ServiceRequest());
System.out.println(json);
}
}
class Jwks {
Key[] keys = new Key[]{new Key()};
}
class Key {
String kty = "RSA";
String e = "AQAB";
String kid = "05794a3c-a6f5-430c-9822-da4e53597ba5";
String alg = "RS256";
String n = "hm_OUny05OJEwbGBqPjE7wWvnwTMgqUHJFis_S9nM7hTivXQ_LX9f89RaVcPpXboox81Y8rrfuVwV0nc-FGr_" +
"E0FFpI-IwJ_sUUEDwf-5Qxor3LNc_S_5BiPOfFHY7c-R-ablRIAvVTXqwIjcyLVQnaHLjb9XQPf9lBt9sCZ2jN-" +
"9HOLztMO3BZWZYIFqvNr8ySKHfVPdlk0Wx3N45KPY0kgxk5RPYW0HLRakSlhIJtqYCJOr2IiDUEMAj9Z9BoWjeUKiAX3E3ZRo-" +
"DO1TWcc7feq-0Pei2IBw3lvNpgcBBv1_BlrsZYzQqkKOcDbLAppuhR3inUNhc3G67OuWt8ow";
}

View File

@ -0,0 +1,244 @@
package eu.dnetlib.openaire.usermanagement;
public class ServiceResponse {
String id;
String clientId;
String clientSecret;
String[] redirectUris;
String clientName;
String clienrtUri;
String logoUri;
String[] contacts;
String tosUri;
String tokenEndpointAuthMethod;
String[] scope;
String grantTypes[];
String responseTypes[];
String policyUri;
String jwksUri;
Jwks jwks;
String applicationType;
String sectorIdentifierUri;
String subjectType;
String requestObjectSigningAlg;
String userInfoSignedResponseAlg;
String userInfoEncryptedResponseAlg;
String userInfoEncryptedResponseEnc;
String idTokenSignedResponseAlg;
String idTokenEncryptedResponseAlg;
String idTokenEncryptedResponseEnc;
String tokenEndpointAuthSigningAlg;
String defaultMaxAge;
String requireAuthTime;
String[] defaultACRvalues;
String initiateLoginUri;
String[] postLogoutRedirectUris;
String[] requestUris;
String[] authorities;
int accessTokenValiditySeconds;
int refreshTokenValiditySeconds;
String[] resourceIds;
String[] clientDescription;
boolean reuseRefreshToken;
boolean dynamicallyRegistered;
boolean allowIntrospection;
int idTokenValiditySeconds;
String createdAt;
boolean clearAccessTokensOnRefresh;
String deviceCodeValiditySeconds;
String[] claimsRedirectUris;
String softwareStatement;
String codeChallengeMethod;
public String getId() {
return id;
}
public String getClientId() {
return clientId;
}
public String getClientSecret() {
return clientSecret;
}
public String[] getRedirectUris() {
return redirectUris;
}
public String getClientName() {
return clientName;
}
public String getClienrtUri() {
return clienrtUri;
}
public String getLogoUri() {
return logoUri;
}
public String[] getContacts() {
return contacts;
}
public String getTosUri() {
return tosUri;
}
public String getTokenEndpointAuthMethod() {
return tokenEndpointAuthMethod;
}
public String[] getScope() {
return scope;
}
public String[] getGrantTypes() {
return grantTypes;
}
public String[] getResponseTypes() {
return responseTypes;
}
public String getPolicyUri() {
return policyUri;
}
public String getJwksUri() {
return jwksUri;
}
public Jwks getJwks() {
return jwks;
}
public String getApplicationType() {
return applicationType;
}
public String getSectorIdentifierUri() {
return sectorIdentifierUri;
}
public String getSubjectType() {
return subjectType;
}
public String getRequestObjectSigningAlg() {
return requestObjectSigningAlg;
}
public String getUserInfoSignedResponseAlg() {
return userInfoSignedResponseAlg;
}
public String getUserInfoEncryptedResponseAlg() {
return userInfoEncryptedResponseAlg;
}
public String getUserInfoEncryptedResponseEnc() {
return userInfoEncryptedResponseEnc;
}
public String getIdTokenSignedResponseAlg() {
return idTokenSignedResponseAlg;
}
public String getIdTokenEncryptedResponseAlg() {
return idTokenEncryptedResponseAlg;
}
public String getIdTokenEncryptedResponseEnc() {
return idTokenEncryptedResponseEnc;
}
public String getTokenEndpointAuthSigningAlg() {
return tokenEndpointAuthSigningAlg;
}
public String getDefaultMaxAge() {
return defaultMaxAge;
}
public String getRequireAuthTime() {
return requireAuthTime;
}
public String[] getDefaultACRvalues() {
return defaultACRvalues;
}
public String getInitiateLoginUri() {
return initiateLoginUri;
}
public String[] getPostLogoutRedirectUris() {
return postLogoutRedirectUris;
}
public String[] getRequestUris() {
return requestUris;
}
public String[] getAuthorities() {
return authorities;
}
public int getAccessTokenValiditySeconds() {
return accessTokenValiditySeconds;
}
public int getRefreshTokenValiditySeconds() {
return refreshTokenValiditySeconds;
}
public String[] getResourceIds() {
return resourceIds;
}
public String[] getClientDescription() {
return clientDescription;
}
public boolean isReuseRefreshToken() {
return reuseRefreshToken;
}
public boolean isDynamicallyRegistered() {
return dynamicallyRegistered;
}
public boolean isAllowIntrospection() {
return allowIntrospection;
}
public int getIdTokenValiditySeconds() {
return idTokenValiditySeconds;
}
public String getCreatedAt() {
return createdAt;
}
public boolean isClearAccessTokensOnRefresh() {
return clearAccessTokensOnRefresh;
}
public String getDeviceCodeValiditySeconds() {
return deviceCodeValiditySeconds;
}
public String[] getClaimsRedirectUris() {
return claimsRedirectUris;
}
public String getSoftwareStatement() {
return softwareStatement;
}
public String getCodeChallengeMethod() {
return codeChallengeMethod;
}
}

View File

@ -101,16 +101,15 @@ public class Test3Service {
@GET
@Path("/getAccessToken")
@Produces(MediaType.APPLICATION_JSON)
public Response getAccessTokenFromRefreshToken(@Context final HttpServletRequest request){
public Response getAccessTokenFromRefreshToken(@Context final HttpServletRequest request,
@QueryParam("refreshToken") String refreshToken){
String header = request.getHeader("Authorization");
if (header == null || !header.startsWith("Bearer ")) {
if (refreshToken == null || refreshToken.isEmpty()) {
return Response.status(Response.Status.BAD_REQUEST)
.entity(String.format(errorMessage, 400, "No JWT token found in request headers", "No JWT token found in request headers")).build();
.entity(String.format(errorMessage, 400, "Bad Request", "Missing refreshToken parameter"))
.type(MediaType.APPLICATION_JSON).build();
}
String refreshToken = header.substring(7);
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpPost httppost = new HttpPost(issuer+"/token");
@ -127,15 +126,16 @@ public class Test3Service {
try {
httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
//Execute and get the response.
response = httpclient.execute(httppost);
org.apache.http.HttpEntity entity = response.getEntity();
logger.debug("entity " + response.getEntity());
logger.debug("I am here");
if (response.getStatusLine().getStatusCode() == 401) {
return Response.status(Response.Status.UNAUTHORIZED)
.entity(String.format(errorMessage, 401, "Unauthorised", "Invalid refreshToken token " + refreshToken))
.type(MediaType.APPLICATION_JSON).build();
}
String serverMessage = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8.name());
return Response.status(response.getStatusLine().getStatusCode())
.entity(serverMessage).type(MediaType.APPLICATION_JSON).build();

View File

@ -154,6 +154,18 @@
<url-pattern>/personalToken</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>RegisterServiceServlet</servlet-name>
<display-name>Activate</display-name>
<servlet-class>eu.dnetlib.openaire.usermanagement.RegisterServiceServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>RegisterServiceServlet</servlet-name>
<url-pattern>/registerService</url-pattern>
</servlet-mapping>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>

View File

@ -15,7 +15,6 @@
<link rel="icon" type="image/png" sizes="96x96" href="images/favicon//favicon-96x96.png">
<link rel="icon" type="image/png" sizes="16x16" href="images/favicon/favicon-16x16.png">
<link href="images/favicon/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>
<body class="" style="">
<div class="uk-offcanvas-content uk-height-viewport">

View File

@ -0,0 +1,141 @@
<%--
Created by IntelliJ IDEA.
User: sofia
Date: 19/10/2017
Time: 4:30 μμ
To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<!DOCTYPE html>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html lang="en-gb" dir="ltr" vocab="http://schema.org/">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<base href=".">
<title>OpenAIRE - Register</title>
<script src="./js/jquery.js"></script>
<script src="./js/uikit.js"></script>
<script src="./js/validation.js"></script>
<script src="./js/uikit-icons-max.js"></script>
<link rel="stylesheet" style="text/css" href="./css/theme.css">
<link rel="stylesheet" style="text/css" href="./css/custom.css">
<link rel="stylesheet" style="text/css" href="./css/aai-custom.css">
<link rel="icon" type="image/png" sizes="32x32" href="images/favicon/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="96x96" href="images/favicon//favicon-96x96.png">
<link rel="icon" type="image/png" sizes="16x16" href="images/favicon/favicon-16x16.png">
<link href="images/favicon/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />
</head>
<body class="" style="">
<div class="uk-offcanvas-content uk-height-viewport">
<!-- MENU STARTS HERE -->
<!-- MAIN MENU STARTS HERE -->
<div class="tm-header tm-header-transparent" uk-header="">
<div class="uk-container uk-container-expand">
<nav class="uk-navbar" uk-navbar="{&quot;align&quot;:&quot;left&quot;}">
<div class="uk-navbar-center">
<div class="uk-logo uk-navbar-item">
<img alt="OpenAIRE" class="uk-responsive-height" src="./images/Logo_Horizontal.png">
</div>
</div>
</nav>
</div>
</div>
<!-- MENU ENDS HERE -->
<!-- CONTENT STARTS HERE -->
<div class="first_page_section uk-section-default uk-section uk-padding-remove-vertical">
<div class="first_page_banner_headline uk-grid-collapse uk-flex-middle uk-margin-remove-vertical uk-grid" uk-grid="">
</div>
</div>
<div class=" uk-section uk-margin-small-top tm-middle custom-main-content" id="tm-main">
<div class="uk-container uk-container-small uk-margin-medium-top uk-margin-small-bottom uk-text-center">
<h2 class="uk-h2 uk-margin-small-bottom">Add a new service</h2>
<%--<div class="uk-text-meta uk-margin-large-bottom">Use the same credentials for all our services</div>--%>
<div class="tm-main uk-width-2-3@s uk-width-2-3@m uk-width-3-4@l uk-row-first uk-first-column uk-align-center">
<div class="uk-grid ">
<!-- CENTER SIDE -->
<div class="uk-width-1-1@m uk-width-1-1@s uk-text-center">
<h3 class="uk-h3">Please provide the basic information on your new service</h3>
<div class="middle-box text-center loginscreen animated fadeInDown ">
<div class="k-width-1-1@m uk-width-1-1@s uk-text-center">
<!-- REGISTER FORM -->
<div id="registerForm">
<form action="registerService" method="POST" role="form" class="m-t" id="register_form">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<div class="alert alert-success" aria-hidden="true" style="display: none;"></div>
<div class="alert alert-danger" aria-hidden="true" style="display: none;"></div>
<span id="server_error" class="uk-text-danger uk-text-small uk-float-left">${message}</span>
<c:remove var="message" scope="session" />
<div class="form-group">
<span class="msg_first_name_error uk-text-danger uk-text-small uk-float-left" style='${msg_first_name_error_display}'>Please enter a name for your service.</span>
<input id="first_name" name="first_name" type="text" placeholder="Name (*)" class="form-control" value=${first_name}></div>
<c:remove var="msg_first_name_error_display" scope="session" />
<c:remove var="first_name" scope="session" />
<div class="form-group">
<textarea id="description" name="description" type="textarea" placeholder="Description:" class="form-control uk-textarea" rows="3" value=${description}></textarea>
<c:remove var="organization" scope="session" />
<div class="uk-width-1-1 uk-grid-margin uk-first-column">
<button type="submit" class="uk-button uk-button-default" onclick="">Cancel</button>
<button type="submit" class="uk-button uk-button-primary" onclick="return validate();">Add new service</button>
</div>
</div>
</form>
</div>
<!-- END OF REGISTER FORM -->
<script>
function validate() {
// Check if name is filled
if($("#first_name").val() != undefined) {
if($.trim($("#first_name").val()).length <= 0) {
$("#first_name").addClass('uk-input aai-form-danger');
$(".msg_first_name_error").show();
return false;
} else {
$(".msg_first_name_error").hide();
$("#first_name").removeClass('aai-form-danger');
}
return true;
}
}
$("#first_name").focusin(function () {
$(this).removeClass('aai-form-danger');
$(".msg_first_name_error").fadeOut();
});
</script>
</div>
</ul>
</div>
</div>
<!-- END OF CENTER SIDE -->
</div>
</div>
</div>
</div>
</div>
<!-- CONTENT ENDS HERE -->
<!-- FOOTER STARTS HERE-->
<div class="custom-footer" style="z-index: 200;">
<div class="uk-section-primary uk-section uk-section-small">
<div class="uk-container">
<div class="uk-grid-margin uk-grid uk-grid-stack" uk-grid="">
<div class="uk-width-1-1@m uk-first-column">
<div class="uk-margin uk-margin-remove-top uk-margin-remove-bottom uk-text-center">
<img alt="OpenAIRE" class="el-image" src="./images/Logo_Horizontal_white_small.png">
</div>
<div class="footer-license uk-margin uk-margin-remove-bottom uk-text-center uk-text-lead">
<div><a href="http://creativecommons.org/licenses/by/4.0/" target="_blank" rel="license"><img alt="Creative" src="./images/80x15.png" style="height: auto; max-width: 100%; vertical-align: middle;"></a>&nbsp;UNLESS OTHERWISE INDICATED, ALL MATERIALS CREATED BY THE OPENAIRE CONSORTIUM ARE LICENSED UNDER A&nbsp;<a href="http://creativecommons.org/licenses/by/4.0/" rel="license">CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE</a>.</div>
<div>OPENAIRE IS POWERED BY&nbsp;<a href="http://www.d-net.research-infrastructures.eu/">D-NET</a>.</div>
</div>
<div class="uk-margin uk-margin-remove-top uk-margin-remove-bottom uk-text-right">
<a class="uk-totop uk-icon" href="#" uk-scroll="" uk-totop="">
</a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>