Rename ScopeReader to PropertyReader. Add redirect method in order to handle logout without redirect functionality. Extend logout successfull handler.
This commit is contained in:
parent
327307b7a0
commit
0beb8d6ed5
|
|
@ -38,6 +38,7 @@ public class HealthController {
|
|||
response.put("authentication.oidc.issuer", properties.getOidc().getIssuer());
|
||||
response.put("authentication.oidc.logout", properties.getOidc().getLogout());
|
||||
response.put("authentication.oidc.home", properties.getOidc().getHome());
|
||||
response.put("authentication.oidc.redirect", properties.getOidc().getRedirect());
|
||||
response.put("authentication.oidc.scope", properties.getOidc().getScope());
|
||||
response.put("authentication.oidc.id", properties.getOidc().getId());
|
||||
response.put("authentication.oidc.secret", properties.getOidc().getSecret());
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package eu.dnetlib.loginservice.controllers;
|
||||
|
||||
import eu.dnetlib.loginservice.entities.User;
|
||||
import eu.dnetlib.loginservice.properties.Properties;
|
||||
import eu.dnetlib.loginservice.services.UserInfoService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
|
@ -8,18 +9,37 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
|||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
|
||||
@RestController
|
||||
public class UserController {
|
||||
|
||||
private final UserInfoService userInfoService;
|
||||
private final Properties properties;
|
||||
|
||||
@Autowired
|
||||
public UserController(UserInfoService userInfoService) {
|
||||
public UserController(UserInfoService userInfoService, Properties properties) {
|
||||
this.userInfoService = userInfoService;
|
||||
this.properties = properties;
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/userInfo", method = RequestMethod.GET)
|
||||
public ResponseEntity<User> getUserInfo() {
|
||||
return ResponseEntity.ok(userInfoService.getUserInfo());
|
||||
}
|
||||
|
||||
@RequestMapping(value = "/redirect",method = RequestMethod.GET)
|
||||
public void redirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
|
||||
HttpSession session = request.getSession();
|
||||
String redirect = (String) session.getAttribute("redirect");
|
||||
session.removeAttribute("redirect");
|
||||
if(redirect == null) {
|
||||
redirect = properties.getRedirect();
|
||||
}
|
||||
session.invalidate();
|
||||
response.sendRedirect(redirect);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ public class OIDC {
|
|||
|
||||
private String issuer;
|
||||
private String home;
|
||||
private String redirect;
|
||||
private String id;
|
||||
private String secret;
|
||||
private String scope = "";
|
||||
|
|
@ -25,6 +26,14 @@ public class OIDC {
|
|||
this.home = home;
|
||||
}
|
||||
|
||||
public String getRedirect() {
|
||||
return redirect;
|
||||
}
|
||||
|
||||
public void setRedirect(String redirect) {
|
||||
this.redirect = redirect;
|
||||
}
|
||||
|
||||
public String getId() {
|
||||
return id;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,29 +1,28 @@
|
|||
package eu.dnetlib.loginservice.security.initiliazers;
|
||||
|
||||
import com.sun.org.apache.xpath.internal.operations.Bool;
|
||||
import eu.dnetlib.loginservice.properties.Properties;
|
||||
import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
|
||||
import eu.dnetlib.loginservice.utils.ScopeReader;
|
||||
import eu.dnetlib.loginservice.utils.PropertyReader;
|
||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||
import org.mitre.oauth2.model.RegisteredClient;
|
||||
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
|
||||
import org.mitre.openid.connect.config.ServerConfiguration;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
|
||||
@Configuration
|
||||
public class Configurations {
|
||||
|
||||
private final Properties properties;
|
||||
private final ScopeReader scopeReader;
|
||||
private final PropertyReader scopeReader;
|
||||
private final OpenAIREAuthoritiesMapper authoritiesMapper;
|
||||
|
||||
@Autowired
|
||||
public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, ScopeReader scopeReader) {
|
||||
public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, PropertyReader scopeReader) {
|
||||
this.properties = properties;
|
||||
this.scopeReader = scopeReader;
|
||||
this.authoritiesMapper = authoritiesMapper;
|
||||
|
|
@ -44,7 +43,6 @@ public class Configurations {
|
|||
ServerConfiguration serverConfiguration = new ServerConfiguration();
|
||||
serverConfiguration.setIssuer(issuer);
|
||||
Boolean keycloak = properties.getKeycloak();
|
||||
|
||||
if(keycloak) {
|
||||
serverConfiguration.setAuthorizationEndpointUri(issuer + "/protocol/openid-connect/auth");
|
||||
serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
|
||||
|
|
@ -56,7 +54,6 @@ public class Configurations {
|
|||
serverConfiguration.setUserInfoUri(issuer + "userinfo");
|
||||
serverConfiguration.setJwksUri(issuer + "jwk");
|
||||
}
|
||||
|
||||
serverConfiguration.setRevocationEndpointUri(issuer + "revoke");
|
||||
return serverConfiguration;
|
||||
}
|
||||
|
|
@ -68,7 +65,7 @@ public class Configurations {
|
|||
client.setClientSecret(properties.getOidc().getSecret());
|
||||
client.setScope(scopeReader.getScopes());
|
||||
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
|
||||
client.setRedirectUris(Collections.singleton(properties.getOidc().getHome()));
|
||||
client.setRedirectUris(new HashSet<>(Arrays.asList(properties.getOidc().getHome(), properties.getOidc().getRedirect())));
|
||||
return client;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +1,8 @@
|
|||
package eu.dnetlib.loginservice.security.initiliazers;
|
||||
|
||||
import eu.dnetlib.loginservice.properties.Properties;
|
||||
import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
|
||||
import eu.dnetlib.loginservice.utils.EntryPoint;
|
||||
import eu.dnetlib.loginservice.utils.ScopeReader;
|
||||
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
|
||||
import eu.dnetlib.loginservice.utils.PropertyReader;
|
||||
import org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder;
|
||||
import org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService;
|
||||
import org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService;
|
||||
|
|
@ -25,8 +23,8 @@ public class Primitives {
|
|||
}
|
||||
|
||||
@Bean
|
||||
public ScopeReader scopeReader() {
|
||||
return new ScopeReader(this.properties.getOidc().getScope());
|
||||
public PropertyReader scopeReader() {
|
||||
return new PropertyReader(this.properties.getOidc().getScope());
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
|
|||
|
|
@ -30,13 +30,25 @@ public class OpenAIRELogoutSuccessHandler implements LogoutSuccessHandler {
|
|||
|
||||
@Override
|
||||
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
|
||||
HttpSession session = request.getSession();
|
||||
String redirect = (String) session.getAttribute("redirect");
|
||||
session.removeAttribute("redirect");
|
||||
if(redirect == null) {
|
||||
redirect = properties.getRedirect();
|
||||
if(properties.getOidc().getRedirect() == null) {
|
||||
HttpSession session = request.getSession();
|
||||
String redirect = (String) session.getAttribute("redirect");
|
||||
session.removeAttribute("redirect");
|
||||
if(redirect == null) {
|
||||
redirect = properties.getRedirect();
|
||||
}
|
||||
session.invalidate();
|
||||
response.sendRedirect(properties.getOidc().getLogout() + encodeValue(redirect));
|
||||
} else {
|
||||
StringBuilder sb = new StringBuilder(properties.getOidc().getIssuer());
|
||||
if(properties.getKeycloak()) {
|
||||
sb.append("/protocol/openid-connect/logout");
|
||||
sb.append("?client_id=").append(properties.getOidc().getId());
|
||||
sb.append("&post_logout_redirect_uri=").append(encodeValue(properties.getOidc().getRedirect()));
|
||||
} else {
|
||||
sb.append("/saml/logout");
|
||||
}
|
||||
response.sendRedirect(sb.toString());
|
||||
}
|
||||
session.invalidate();
|
||||
response.sendRedirect(properties.getOidc().getLogout() + encodeValue(redirect));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ import java.util.Collections;
|
|||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
public class ScopeReader {
|
||||
public class PropertyReader {
|
||||
|
||||
Set<String> scopes;
|
||||
|
||||
public ScopeReader(String property) {
|
||||
public PropertyReader(String property) {
|
||||
if (!property.trim().isEmpty()){
|
||||
scopes = new HashSet<>();
|
||||
Collections.addAll(scopes, property.split(","));
|
||||
|
|
@ -4,6 +4,7 @@ authentication.keycloak=false
|
|||
authentication.oidc.issuer=https://aai.openaire.eu/oidc/
|
||||
authentication.oidc.logout=https://aai.openaire.eu/proxy/saml2/idp/SingleLogoutService.php?ReturnTo=
|
||||
authentication.oidc.home=http://mpagasas.di.uoa.gr:19080/login-service/openid_connect_login
|
||||
authentication.oidc.redirect=http://mpagasas.di.uoa.gr:19080/login-service/redirect
|
||||
authentication.oidc.scope=openid,profile,email,eduperson_entitlement
|
||||
authentication.oidc.id=id
|
||||
authentication.oidc.secret=secret
|
||||
|
|
|
|||
Loading…
Reference in New Issue