Rename ScopeReader to PropertyReader. Add a redirect method in order to handle logout without the redirect functionality. Extend the logout success handler.
This commit is contained in:
parent
327307b7a0
commit
0beb8d6ed5
|
@ -38,6 +38,7 @@ public class HealthController {
||||||
response.put("authentication.oidc.issuer", properties.getOidc().getIssuer());
|
response.put("authentication.oidc.issuer", properties.getOidc().getIssuer());
|
||||||
response.put("authentication.oidc.logout", properties.getOidc().getLogout());
|
response.put("authentication.oidc.logout", properties.getOidc().getLogout());
|
||||||
response.put("authentication.oidc.home", properties.getOidc().getHome());
|
response.put("authentication.oidc.home", properties.getOidc().getHome());
|
||||||
|
response.put("authentication.oidc.redirect", properties.getOidc().getRedirect());
|
||||||
response.put("authentication.oidc.scope", properties.getOidc().getScope());
|
response.put("authentication.oidc.scope", properties.getOidc().getScope());
|
||||||
response.put("authentication.oidc.id", properties.getOidc().getId());
|
response.put("authentication.oidc.id", properties.getOidc().getId());
|
||||||
response.put("authentication.oidc.secret", properties.getOidc().getSecret());
|
response.put("authentication.oidc.secret", properties.getOidc().getSecret());
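Review bot: The response map that gains `authentication.oidc.redirect` here also carries `authentication.oidc.secret` two rows below, so whoever can reach this health endpoint is handed the OIDC client secret. That line is pre-existing context, but the hunk keeps extending the same map without trimming it; unless the endpoint is restricted to an internal network, drop the secret entry or reduce it to a presence flag, `response.put("authentication.oidc.secret", properties.getOidc().getSecret() != null ? "set" : "unset");`. The enclosing method of HealthController starts before this hunk, so its request mapping and any access control on it are not visible here.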
|
||||||
@ -1,6 +1,7 @@
||||||
package eu.dnetlib.loginservice.controllers;
|
package eu.dnetlib.loginservice.controllers;
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.entities.User;
|
import eu.dnetlib.loginservice.entities.User;
|
||||||
|
import eu.dnetlib.loginservice.properties.Properties;
|
||||||
import eu.dnetlib.loginservice.services.UserInfoService;
|
import eu.dnetlib.loginservice.services.UserInfoService;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
|
@ -8,18 +9,37 @@ import org.springframework.web.bind.annotation.RequestMapping;
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import javax.servlet.http.HttpSession;
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
public class UserController {
|
public class UserController {
|
||||||
|
|
||||||
private final UserInfoService userInfoService;
|
private final UserInfoService userInfoService;
|
||||||
|
private final Properties properties;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public UserController(UserInfoService userInfoService) {
|
public UserController(UserInfoService userInfoService, Properties properties) {
|
||||||
this.userInfoService = userInfoService;
|
this.userInfoService = userInfoService;
|
||||||
|
this.properties = properties;
|
||||||
}
|
}
|
||||||
|
|
||||||
@RequestMapping(value = "/userInfo", method = RequestMethod.GET)
|
@RequestMapping(value = "/userInfo", method = RequestMethod.GET)
|
||||||
public ResponseEntity<User> getUserInfo() {
|
public ResponseEntity<User> getUserInfo() {
|
||||||
return ResponseEntity.ok(userInfoService.getUserInfo());
|
return ResponseEntity.ok(userInfoService.getUserInfo());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@RequestMapping(value = "/redirect",method = RequestMethod.GET)
|
||||||
|
public void redirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
|
||||||
|
HttpSession session = request.getSession();
|
||||||
|
String redirect = (String) session.getAttribute("redirect");
|
||||||
|
session.removeAttribute("redirect");
|
||||||
|
if(redirect == null) {
|
||||||
|
redirect = properties.getRedirect();
|
||||||
|
}
|
||||||
|
session.invalidate();
|
||||||
|
response.sendRedirect(redirect);
|
||||||
|
}
|
||||||
}
|
}
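Review bot: The new `/redirect` endpoint sends the browser to whatever string is stored under the session attribute `redirect` with no validation, and it is registered in Configurations as a redirect URI of the OIDC client, so it is reachable after the IdP round trip; where that attribute is written is outside this commit, but if it ever originates from a request parameter this is an open redirect. It also calls `request.getSession()`, which creates a fresh session for a caller that has none and then immediately invalidates it; `request.getSession(false)` with a null guard avoids that churn. Validate the stored value against an allow-list of the service's own origins before using it, falling back to `properties.getRedirect()` otherwise, as sketched below.

```java
public void redirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
    // getSession(false): do not create a session only to invalidate it
    HttpSession session = request.getSession(false);
    String redirect = null;
    if (session != null) {
        redirect = (String) session.getAttribute("redirect");
        session.removeAttribute("redirect");
        session.invalidate();
    }
    // TODO(review): treat a stored value that is not on an allow-list of own origins as null
    if (redirect == null) {
        redirect = properties.getRedirect();
    }
    response.sendRedirect(redirect);
}
```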
|
||||||
@ -4,6 +4,7 @@ public class OIDC {
||||||
|
|
||||||
private String issuer;
|
private String issuer;
|
||||||
private String home;
|
private String home;
|
||||||
|
private String redirect;
|
||||||
private String id;
|
private String id;
|
||||||
private String secret;
|
private String secret;
|
||||||
private String scope = "";
|
private String scope = "";
|
||||||
|
@ -25,6 +26,14 @@ public class OIDC {
||||||
this.home = home;
|
this.home = home;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getRedirect() {
|
||||||
|
return redirect;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRedirect(String redirect) {
|
||||||
|
this.redirect = redirect;
|
||||||
|
}
|
||||||
|
|
||||||
public String getId() {
|
public String getId() {
|
||||||
return id;
|
return id;
|
||||||
}
|
}
|
||||||
@ -1,29 +1,28 @@
||||||
package eu.dnetlib.loginservice.security.initiliazers;
|
package eu.dnetlib.loginservice.security.initiliazers;
|
||||||
|
|
||||||
import com.sun.org.apache.xpath.internal.operations.Bool;
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
import eu.dnetlib.loginservice.properties.Properties;
|
||||||
import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
|
import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
|
||||||
import eu.dnetlib.loginservice.utils.ScopeReader;
|
import eu.dnetlib.loginservice.utils.PropertyReader;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.RegisteredClient;
|
import org.mitre.oauth2.model.RegisteredClient;
|
||||||
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
|
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
|
||||||
import org.mitre.openid.connect.config.ServerConfiguration;
|
import org.mitre.openid.connect.config.ServerConfiguration;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Arrays;
|
||||||
|
import java.util.HashSet;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
public class Configurations {
|
public class Configurations {
|
||||||
|
|
||||||
private final Properties properties;
|
private final Properties properties;
|
||||||
private final ScopeReader scopeReader;
|
private final PropertyReader scopeReader;
|
||||||
private final OpenAIREAuthoritiesMapper authoritiesMapper;
|
private final OpenAIREAuthoritiesMapper authoritiesMapper;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, ScopeReader scopeReader) {
|
public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, PropertyReader scopeReader) {
|
||||||
this.properties = properties;
|
this.properties = properties;
|
||||||
this.scopeReader = scopeReader;
|
this.scopeReader = scopeReader;
|
||||||
this.authoritiesMapper = authoritiesMapper;
|
this.authoritiesMapper = authoritiesMapper;
|
||||||
|
@ -44,7 +43,6 @@ public class Configurations {
||||||
ServerConfiguration serverConfiguration = new ServerConfiguration();
|
ServerConfiguration serverConfiguration = new ServerConfiguration();
|
||||||
serverConfiguration.setIssuer(issuer);
|
serverConfiguration.setIssuer(issuer);
|
||||||
Boolean keycloak = properties.getKeycloak();
|
Boolean keycloak = properties.getKeycloak();
|
||||||
|
|
||||||
if(keycloak) {
|
if(keycloak) {
|
||||||
serverConfiguration.setAuthorizationEndpointUri(issuer + "/protocol/openid-connect/auth");
|
serverConfiguration.setAuthorizationEndpointUri(issuer + "/protocol/openid-connect/auth");
|
||||||
serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
|
serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
|
||||||
|
@ -56,7 +54,6 @@ public class Configurations {
||||||
serverConfiguration.setUserInfoUri(issuer + "userinfo");
|
serverConfiguration.setUserInfoUri(issuer + "userinfo");
|
||||||
serverConfiguration.setJwksUri(issuer + "jwk");
|
serverConfiguration.setJwksUri(issuer + "jwk");
|
||||||
}
|
}
|
||||||
|
|
||||||
serverConfiguration.setRevocationEndpointUri(issuer + "revoke");
|
serverConfiguration.setRevocationEndpointUri(issuer + "revoke");
|
||||||
return serverConfiguration;
|
return serverConfiguration;
|
||||||
}
|
}
|
||||||
|
@ -68,7 +65,7 @@ public class Configurations {
||||||
client.setClientSecret(properties.getOidc().getSecret());
|
client.setClientSecret(properties.getOidc().getSecret());
|
||||||
client.setScope(scopeReader.getScopes());
|
client.setScope(scopeReader.getScopes());
|
||||||
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
|
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
|
||||||
client.setRedirectUris(Collections.singleton(properties.getOidc().getHome()));
|
client.setRedirectUris(new HashSet<>(Arrays.asList(properties.getOidc().getHome(), properties.getOidc().getRedirect())));
|
||||||
return client;
|
return client;
|
||||||
}
|
}
|
||||||
}
|
}
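Review bot: The replaced `setRedirectUris` line puts `properties.getOidc().getRedirect()` into the client's redirect-URI set unconditionally, but the logout handler in this same commit treats an unset `authentication.oidc.redirect` as a supported configuration (`getRedirect() == null` selects the ReturnTo flow), and in that case `Arrays.asList(home, null)` silently registers a null redirect URI. How the MITREid client code reacts to a null entry is not visible here, so guard it at the source and only add the URI when it is configured; that needs `java.util.Set` alongside the `HashSet` import this hunk adds. The `scopeReader` field and constructor parameter keep their old name after the type became `PropertyReader`; renaming them would make the rename complete.

```java
// … unchanged: client id, secret, scope, token endpoint auth method …
Set<String> redirectUris = new HashSet<>();
redirectUris.add(properties.getOidc().getHome());
if (properties.getOidc().getRedirect() != null) {
    redirectUris.add(properties.getOidc().getRedirect());
}
client.setRedirectUris(redirectUris);
return client;
```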
|
||||||
@ -1,10 +1,8 @@
||||||
package eu.dnetlib.loginservice.security.initiliazers;
|
package eu.dnetlib.loginservice.security.initiliazers;
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
import eu.dnetlib.loginservice.properties.Properties;
|
||||||
import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
|
|
||||||
import eu.dnetlib.loginservice.utils.EntryPoint;
|
import eu.dnetlib.loginservice.utils.EntryPoint;
|
||||||
import eu.dnetlib.loginservice.utils.ScopeReader;
|
import eu.dnetlib.loginservice.utils.PropertyReader;
|
||||||
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
|
|
||||||
import org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder;
|
import org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder;
|
||||||
import org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService;
|
import org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService;
|
||||||
import org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService;
|
import org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService;
|
||||||
|
@ -25,8 +23,8 @@ public class Primitives {
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public ScopeReader scopeReader() {
|
public PropertyReader scopeReader() {
|
||||||
return new ScopeReader(this.properties.getOidc().getScope());
|
return new PropertyReader(this.properties.getOidc().getScope());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@ -30,13 +30,25 @@ public class OpenAIRELogoutSuccessHandler implements LogoutSuccessHandler {
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
|
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
|
||||||
HttpSession session = request.getSession();
|
if(properties.getOidc().getRedirect() == null) {
|
||||||
String redirect = (String) session.getAttribute("redirect");
|
HttpSession session = request.getSession();
|
||||||
session.removeAttribute("redirect");
|
String redirect = (String) session.getAttribute("redirect");
|
||||||
if(redirect == null) {
|
session.removeAttribute("redirect");
|
||||||
redirect = properties.getRedirect();
|
if(redirect == null) {
|
||||||
|
redirect = properties.getRedirect();
|
||||||
|
}
|
||||||
|
session.invalidate();
|
||||||
|
response.sendRedirect(properties.getOidc().getLogout() + encodeValue(redirect));
|
||||||
|
} else {
|
||||||
|
StringBuilder sb = new StringBuilder(properties.getOidc().getIssuer());
|
||||||
|
if(properties.getKeycloak()) {
|
||||||
|
sb.append("/protocol/openid-connect/logout");
|
||||||
|
sb.append("?client_id=").append(properties.getOidc().getId());
|
||||||
|
sb.append("&post_logout_redirect_uri=").append(encodeValue(properties.getOidc().getRedirect()));
|
||||||
|
} else {
|
||||||
|
sb.append("/saml/logout");
|
||||||
|
}
|
||||||
|
response.sendRedirect(sb.toString());
|
||||||
}
|
}
|
||||||
session.invalidate();
|
|
||||||
response.sendRedirect(properties.getOidc().getLogout() + encodeValue(redirect));
|
|
||||||
}
|
}
|
||||||
}
|
}
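Review bot: In the new else branch the non-Keycloak path only appends `/saml/logout` to the issuer and never uses `getRedirect()`, even though this branch runs precisely because that property is set, so the user is sent to the IdP with no return destination while the Keycloak path passes it as `post_logout_redirect_uri`; the SAML endpoint presumably needs an equivalent return parameter (the existing `authentication.oidc.logout` URL uses `ReturnTo`). The non-Keycloak endpoints in Configurations are built as `issuer + "userinfo"` without a separator and the sample issuer ends in a slash, so `sb.append("/saml/logout")` likely produces a `//` in the URL; `sb.append("saml/logout")` would follow that convention. Unlike the first branch, neither path invalidates the local session — that is deferred to the `/redirect` endpoint, so if the IdP never comes back (error page, closed tab) the local session stays authenticated until it times out; unless a LogoutHandler earlier in the chain already clears it, decide explicitly whether keeping the stored `redirect` attribute alive across the round trip is worth that window. Finally `client_id` is appended raw while the redirect URI goes through `encodeValue`; wrap it too: `sb.append("?client_id=").append(encodeValue(properties.getOidc().getId()));`.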
|
||||||
@ -4,11 +4,11 @@ import java.util.Collections;
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
public class ScopeReader {
|
public class PropertyReader {
|
||||||
|
|
||||||
Set<String> scopes;
|
Set<String> scopes;
|
||||||
|
|
||||||
public ScopeReader(String property) {
|
public PropertyReader(String property) {
|
||||||
if (!property.trim().isEmpty()){
|
if (!property.trim().isEmpty()){
|
||||||
scopes = new HashSet<>();
|
scopes = new HashSet<>();
|
||||||
Collections.addAll(scopes, property.split(","));
|
Collections.addAll(scopes, property.split(","));
|
|
@ -4,6 +4,7 @@ authentication.keycloak=false
||||||
authentication.oidc.issuer=https://aai.openaire.eu/oidc/
|
authentication.oidc.issuer=https://aai.openaire.eu/oidc/
|
||||||
authentication.oidc.logout=https://aai.openaire.eu/proxy/saml2/idp/SingleLogoutService.php?ReturnTo=
|
authentication.oidc.logout=https://aai.openaire.eu/proxy/saml2/idp/SingleLogoutService.php?ReturnTo=
|
||||||
authentication.oidc.home=http://mpagasas.di.uoa.gr:19080/login-service/openid_connect_login
|
authentication.oidc.home=http://mpagasas.di.uoa.gr:19080/login-service/openid_connect_login
|
||||||
|
authentication.oidc.redirect=http://mpagasas.di.uoa.gr:19080/login-service/redirect
|
||||||
authentication.oidc.scope=openid,profile,email,eduperson_entitlement
|
authentication.oidc.scope=openid,profile,email,eduperson_entitlement
|
||||||
authentication.oidc.id=id
|
authentication.oidc.id=id
|
||||||
authentication.oidc.secret=secret
|
authentication.oidc.secret=secret
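Review bot: The new `authentication.oidc.redirect` property silently switches the logout flow in OpenAIRELogoutSuccessHandler (unset: `authentication.oidc.logout` plus ReturnTo; set: the IdP's own logout endpoint with this URI as `post_logout_redirect_uri`, or `/saml/logout`), but nothing in the file says so, and an operator who copies this sample gets the new flow without realising it. Add a comment above the new line: `# optional: when set, logout goes through the IdP logout endpoint and returns here (presumably this URI must also be registered at the IdP); leave unset to use authentication.oidc.logout with ReturnTo`. The sample also registers a plain-http redirect URI; fine for a dev host, but any non-local profile should carry an https one, since the IdP will redirect a just-logged-out browser to it.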
|
||||||