diff --git a/src/main/java/eu/dnetlib/loginservice/controllers/HealthController.java b/src/main/java/eu/dnetlib/loginservice/controllers/HealthController.java
index 580a4d7..88baf00 100644
--- a/src/main/java/eu/dnetlib/loginservice/controllers/HealthController.java
+++ b/src/main/java/eu/dnetlib/loginservice/controllers/HealthController.java
@@ -38,6 +38,7 @@ public class HealthController {
 response.put("authentication.oidc.issuer", properties.getOidc().getIssuer());
 response.put("authentication.oidc.logout", properties.getOidc().getLogout());
 response.put("authentication.oidc.home", properties.getOidc().getHome());
+ response.put("authentication.oidc.redirect", properties.getOidc().getRedirect());
 response.put("authentication.oidc.scope", properties.getOidc().getScope());
 response.put("authentication.oidc.id", properties.getOidc().getId());
 response.put("authentication.oidc.secret", properties.getOidc().getSecret());
diff --git a/src/main/java/eu/dnetlib/loginservice/controllers/UserController.java b/src/main/java/eu/dnetlib/loginservice/controllers/UserController.java
index 936e02e..ac6c30a 100644
--- a/src/main/java/eu/dnetlib/loginservice/controllers/UserController.java
+++ b/src/main/java/eu/dnetlib/loginservice/controllers/UserController.java
@@ -1,6 +1,7 @@
 package eu.dnetlib.loginservice.controllers;
 import eu.dnetlib.loginservice.entities.User;
+import eu.dnetlib.loginservice.properties.Properties;
 import eu.dnetlib.loginservice.services.UserInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
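Review bot: The added `authentication.oidc.redirect` entry extends a health payload whose context lines also emit `authentication.oidc.secret`, so the OIDC client secret is returned to whoever can reach this endpoint; whether the endpoint sits behind authentication cannot be seen here. The redirect URI itself is harmless to report, but the secret line should be dropped from the map or masked, e.g. `response.put("authentication.oidc.secret", properties.getOidc().getSecret() == null ? null : "***");`. The enclosing method starts and ends outside the hunk.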
@@ -8,18 +9,37 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+
 @RestController
 public class UserController {
 private final UserInfoService userInfoService;
+ private final Properties properties;
 @Autowired
- public UserController(UserInfoService userInfoService) {
+ public UserController(UserInfoService userInfoService, Properties properties) {
 this.userInfoService = userInfoService;
+ this.properties = properties;
 }
 @RequestMapping(value = "/userInfo", method = RequestMethod.GET)
 public ResponseEntity getUserInfo() {
 return ResponseEntity.ok(userInfoService.getUserInfo());
 }
+
+ @RequestMapping(value = "/redirect",method = RequestMethod.GET)
+ public void redirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ HttpSession session = request.getSession();
+ String redirect = (String) session.getAttribute("redirect");
+ session.removeAttribute("redirect");
+ if(redirect == null) {
+ redirect = properties.getRedirect();
+ }
+ session.invalidate();
+ response.sendRedirect(redirect);
+ }
 }
diff --git a/src/main/java/eu/dnetlib/loginservice/properties/OIDC.java b/src/main/java/eu/dnetlib/loginservice/properties/OIDC.java
index 114a036..9706a6e 100644
--- a/src/main/java/eu/dnetlib/loginservice/properties/OIDC.java
+++ b/src/main/java/eu/dnetlib/loginservice/properties/OIDC.java
@@ -4,6 +4,7 @@ public class OIDC {
 private String issuer;
 private String home;
+ private String redirect;
 private String id;
 private String secret;
 private String scope = "";
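Review bot: The new `redirect` endpoint sends the browser to whatever string is stored under the session attribute `"redirect"` without checking it, and where that attribute is written is outside this diff, so unless the writer already restricts it this is an open-redirect sink; the same session-sourced value is used in the first branch of `OpenAIRELogoutSuccessHandler.onLogoutSuccess` in this commit, where the same check applies. `request.getSession()` also creates a session for a request that has none, only to invalidate it two lines later — `getSession(false)` with a null check avoids that. The sketch below keeps the signature and fallback, validates the target against the configured `properties.getRedirect()` host (the policy is a constructed example to adapt to the deployment's allow-list), and needs `java.net.URI` and `java.net.URISyntaxException` imported.
```java
    @RequestMapping(value = "/redirect",method = RequestMethod.GET)
    public void redirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // getSession(false): do not create a session just to invalidate it
        HttpSession session = request.getSession(false);
        String redirect = null;
        if (session != null) {
            redirect = (String) session.getAttribute("redirect");
            session.removeAttribute("redirect");
            session.invalidate();
        }
        if (redirect == null || !isAllowedRedirect(redirect)) {
            redirect = properties.getRedirect();
        }
        response.sendRedirect(redirect);
    }

    // Accepts relative targets and http(s) targets on the same host as the configured
    // fallback; constructed example policy — replace with the deployment's allow-list.
    private boolean isAllowedRedirect(String target) {
        try {
            URI uri = new URI(target);
            String scheme = uri.getScheme();
            if (scheme != null && !"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
                return false;
            }
            String allowedHost = new URI(properties.getRedirect()).getHost();
            return uri.getHost() == null || uri.getHost().equalsIgnoreCase(allowedHost);
        } catch (URISyntaxException e) {
            return false;
        }
    }
```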
@@ -25,6 +26,14 @@ public class OIDC {
 this.home = home;
 }
+ public String getRedirect() {
+ return redirect;
+ }
+
+ public void setRedirect(String redirect) {
+ this.redirect = redirect;
+ }
+
 public String getId() {
 return id;
 }
diff --git a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java
index 0b79cc1..c89800e 100644
--- a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java
+++ b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java
@@ -1,29 +1,28 @@
 package eu.dnetlib.loginservice.security.initiliazers;
-import com.sun.org.apache.xpath.internal.operations.Bool;
 import eu.dnetlib.loginservice.properties.Properties;
 import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
-import eu.dnetlib.loginservice.utils.ScopeReader;
+import eu.dnetlib.loginservice.utils.PropertyReader;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
 import org.mitre.openid.connect.config.ServerConfiguration;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import java.util.Collections;
+import java.util.Arrays;
+import java.util.HashSet;
 @Configuration
 public class Configurations {
 private final Properties properties;
- private final ScopeReader scopeReader;
+ private final PropertyReader scopeReader;
 private final OpenAIREAuthoritiesMapper authoritiesMapper;
 @Autowired
- public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, ScopeReader scopeReader) {
+ public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, PropertyReader scopeReader) {
 this.properties = properties;
 this.scopeReader = scopeReader;
 this.authoritiesMapper = authoritiesMapper;
@@ -44,7 +43,6 @@ public class Configurations {
 ServerConfiguration serverConfiguration = new ServerConfiguration();
 serverConfiguration.setIssuer(issuer);
 Boolean keycloak = properties.getKeycloak();
-
 if(keycloak) {
 serverConfiguration.setAuthorizationEndpointUri(issuer + "/protocol/openid-connect/auth");
 serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
@@ -56,7 +54,6 @@ public class Configurations {
 serverConfiguration.setUserInfoUri(issuer + "userinfo");
 serverConfiguration.setJwksUri(issuer + "jwk");
 }
-
 serverConfiguration.setRevocationEndpointUri(issuer + "revoke");
 return serverConfiguration;
 }
@@ -68,7 +65,7 @@ public class Configurations {
 client.setClientSecret(properties.getOidc().getSecret());
 client.setScope(scopeReader.getScopes());
 client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
- client.setRedirectUris(Collections.singleton(properties.getOidc().getHome()));
+ client.setRedirectUris(new HashSet<>(Arrays.asList(properties.getOidc().getHome(), properties.getOidc().getRedirect())));
 return client;
 }
 }
diff --git a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java
index 5e3337b..664d979 100644
--- a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java
+++ b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java
@@ -1,10 +1,8 @@
 package eu.dnetlib.loginservice.security.initiliazers;
 import eu.dnetlib.loginservice.properties.Properties;
-import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
 import eu.dnetlib.loginservice.utils.EntryPoint;
-import eu.dnetlib.loginservice.utils.ScopeReader;
-import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
+import eu.dnetlib.loginservice.utils.PropertyReader;
 import org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder;
 import org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService;
 import org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService;
@@ -25,8 +23,8 @@ public class Primitives {
 }
 @Bean
- public ScopeReader scopeReader() {
- return new ScopeReader(this.properties.getOidc().getScope());
+ public PropertyReader scopeReader() {
+ return new PropertyReader(this.properties.getOidc().getScope());
 }
 @Bean
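Review bot: In the `@@ -68,7 +65,7 @@` hunk, `new HashSet<>(Arrays.asList(home, redirect))` puts a `null` element into the registered redirect-URI set whenever `authentication.oidc.redirect` is unset — a configuration this same commit treats as supported in `OpenAIRELogoutSuccessHandler` (`getRedirect() == null`) — and how the MITRE `RegisteredClient` copes with a null redirect URI is not visible here. Build the set first and strip the null: `Set<String> redirectUris = new HashSet<>(Arrays.asList(properties.getOidc().getHome(), properties.getOidc().getRedirect()));` `redirectUris.remove(null);` `client.setRedirectUris(redirectUris);`, with `java.util.Set` added to the import block in this file's first hunk. The enclosing bean method starts outside the hunk.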
diff --git a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java b/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java
index 31acd9f..ec607cd 100644
--- a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java
+++ b/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java
@@ -30,13 +30,25 @@ public class OpenAIRELogoutSuccessHandler implements LogoutSuccessHandler {
 @Override
 public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
- HttpSession session = request.getSession();
- String redirect = (String) session.getAttribute("redirect");
- session.removeAttribute("redirect");
- if(redirect == null) {
- redirect = properties.getRedirect();
+ if(properties.getOidc().getRedirect() == null) {
+ HttpSession session = request.getSession();
+ String redirect = (String) session.getAttribute("redirect");
+ session.removeAttribute("redirect");
+ if(redirect == null) {
+ redirect = properties.getRedirect();
+ }
+ session.invalidate();
+ response.sendRedirect(properties.getOidc().getLogout() + encodeValue(redirect));
+ } else {
+ StringBuilder sb = new StringBuilder(properties.getOidc().getIssuer());
+ if(properties.getKeycloak()) {
+ sb.append("/protocol/openid-connect/logout");
+ sb.append("?client_id=").append(properties.getOidc().getId());
+ sb.append("&post_logout_redirect_uri=").append(encodeValue(properties.getOidc().getRedirect()));
+ } else {
+ sb.append("/saml/logout");
+ }
+ response.sendRedirect(sb.toString());
 }
- session.invalidate();
- response.sendRedirect(properties.getOidc().getLogout() + encodeValue(redirect));
 }
 }
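Review bot: The non-Keycloak branch appends `"/saml/logout"` to the issuer, but the issuer shipped in authentication.properties ends in a slash (`https://aai.openaire.eu/oidc/`) and the non-Keycloak endpoints in Configurations append without one (`issuer + "userinfo"`), so the resulting logout URL is `.../oidc//saml/logout`; it also bypasses the configured `authentication.oidc.logout`, which on the same properties file is the SAML SingleLogoutService URL. `properties.getKeycloak()` is unboxed directly in the new `if` (the `Boolean keycloak` context line in Configurations has the same shape), which throws a NullPointerException when the property is unset unless `Properties` supplies a default I cannot see. Consider `sb.append(issuer.endsWith("/") ? "saml/logout" : "/saml/logout")` — or reuse `properties.getOidc().getLogout()` — and `if(Boolean.TRUE.equals(properties.getKeycloak()))`. Only the first branch calls `session.invalidate()`; whether Spring's logout filter has already invalidated the session before this handler runs is outside the diff.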
diff --git a/src/main/java/eu/dnetlib/loginservice/utils/ScopeReader.java b/src/main/java/eu/dnetlib/loginservice/utils/PropertyReader.java
similarity index 85%
rename from src/main/java/eu/dnetlib/loginservice/utils/ScopeReader.java
rename to src/main/java/eu/dnetlib/loginservice/utils/PropertyReader.java
index 096361e..71a3879 100644
--- a/src/main/java/eu/dnetlib/loginservice/utils/ScopeReader.java
+++ b/src/main/java/eu/dnetlib/loginservice/utils/PropertyReader.java
@@ -4,11 +4,11 @@ import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
-public class ScopeReader {
+public class PropertyReader {
 Set scopes;
- public ScopeReader(String property) {
+ public PropertyReader(String property) {
 if (!property.trim().isEmpty()){
 scopes = new HashSet<>();
 Collections.addAll(scopes, property.split(","));
diff --git a/src/main/resources/authentication.properties b/src/main/resources/authentication.properties
index a83b189..82773c2 100644
--- a/src/main/resources/authentication.properties
+++ b/src/main/resources/authentication.properties
@@ -4,6 +4,7 @@ authentication.keycloak=false
 authentication.oidc.issuer=https://aai.openaire.eu/oidc/
 authentication.oidc.logout=https://aai.openaire.eu/proxy/saml2/idp/SingleLogoutService.php?ReturnTo=
 authentication.oidc.home=http://mpagasas.di.uoa.gr:19080/login-service/openid_connect_login
+authentication.oidc.redirect=http://mpagasas.di.uoa.gr:19080/login-service/redirect
 authentication.oidc.scope=openid,profile,email,eduperson_entitlement
 authentication.oidc.id=id
 authentication.oidc.secret=secret
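Review bot: The new `authentication.oidc.redirect` default is a plain-`http://` host on a non-standard port, and this commit both registers that value as a client redirect URI in Configurations and uses it as the fallback target of `UserController.redirect`, so a deployment that does not override the bundled file registers a non-TLS, non-localhost redirect URI with the provider and sends users there. Since the logout handler in this commit already treats an absent value as a supported mode, prefer omitting the key from the packaged resource and documenting it as deployment-supplied, e.g. `# authentication.oidc.redirect=<deployment redirect URL, https>` (note that an empty value would reach the code as "" rather than null). The `home` entry on the context line has the same shape, but that is pre-existing.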