diff --git a/pom.xml b/pom.xml index 66d3908..9688cea 100644 --- a/pom.xml +++ b/pom.xml @@ -17,30 +17,9 @@ - org.springframework.boot - spring-boot-starter-security - - - - org.springframework.session - spring-session-data-redis - - - biz.paluch.redis - lettuce - 4.3.3.Final - - - - org.mitre - openid-connect-client - 1.3.0 - - - org.bouncycastle - bcprov-jdk15on - - + eu.dnetlib + uoa-login-core + 2.0.2 diff --git a/src/main/java/eu/dnetlib/loginservice/LoginServiceApplication.java b/src/main/java/eu/dnetlib/loginservice/LoginServiceApplication.java index aeac5b7..2e9e2a5 100644 --- a/src/main/java/eu/dnetlib/loginservice/LoginServiceApplication.java +++ b/src/main/java/eu/dnetlib/loginservice/LoginServiceApplication.java @@ -1,19 +1,19 @@ package eu.dnetlib.loginservice; -import eu.dnetlib.loginservice.properties.APIProperties; +import eu.dnetlib.authentication.configuration.AuthenticationConfiguration; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.context.annotation.Import; import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.PropertySources; -import eu.dnetlib.loginservice.properties.Properties; @SpringBootApplication(scanBasePackages = {"eu.dnetlib.loginservice"}) @PropertySources({ @PropertySource("classpath:authentication.properties"), + @PropertySource("classpath:login-service.properties"), @PropertySource(value = "classpath:dnet-override.properties", ignoreResourceNotFound = true) }) -@EnableConfigurationProperties({Properties.class, APIProperties.class}) +@Import({AuthenticationConfiguration.class}) public class LoginServiceApplication { public static void main(String[] args) { 
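Review bot: The versions this module used to pin for the security stack (`lettuce` 4.3.3.Final, `openid-connect-client` 1.3.0, an unversioned `bcprov-jdk15on`) are removed, and from here on `uoa-login-core` 2.0.2 alone decides which OIDC client and crypto provider versions end up on the classpath. Worth checking the resolved tree after this change (`mvn dependency:tree`) and, if any of the removed pins was there for a specific fix, keeping it as a `dependencyManagement` entry in this pom. Only the artifact names survive in this hunk, so whether the removed entries carried scopes or exclusions is not visible.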
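Review bot: `scanBasePackages = {"eu.dnetlib.loginservice"}` is left as is while the newly imported `AuthenticationConfiguration` lives in `eu.dnetlib.authentication`, and `SwaggerConfig` in this same commit expects controllers under `eu.dnetlib.authentication.controllers`; unless `AuthenticationConfiguration` registers those controllers itself (not visible here), they are never scanned and the "Login Core" Swagger group stays empty. Either widen the scan, `@SpringBootApplication(scanBasePackages = {"eu.dnetlib.loginservice", "eu.dnetlib.authentication"})`, or confirm that the library configuration does its own component scan. The `@Import` also replaces `@EnableConfigurationProperties({Properties.class, APIProperties.class})`, and `SwaggerConfig` still autowires `APIProperties`, so the library must bind that bean or startup will fail.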
diff --git a/src/main/java/eu/dnetlib/loginservice/security/SwaggerConfig.java b/src/main/java/eu/dnetlib/loginservice/configuration/SwaggerConfig.java similarity index 84% rename from src/main/java/eu/dnetlib/loginservice/security/SwaggerConfig.java rename to src/main/java/eu/dnetlib/loginservice/configuration/SwaggerConfig.java index bf0575f..94a580d 100644 --- a/src/main/java/eu/dnetlib/loginservice/security/SwaggerConfig.java +++ b/src/main/java/eu/dnetlib/loginservice/configuration/SwaggerConfig.java @@ -1,6 +1,6 @@ -package eu.dnetlib.loginservice.security; +package eu.dnetlib.loginservice.configuration; -import eu.dnetlib.loginservice.properties.APIProperties; +import eu.dnetlib.authentication.configuration.APIProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -42,6 +42,17 @@ public class SwaggerConfig extends WebMvcConfigurerAdapter { .build(); } + @Bean + public Docket createRestApiLoginCore() { + return new Docket(DocumentationType.SWAGGER_2) + .apiInfo(apiInfo()) + .groupName("Login Core") + .select() + .apis(RequestHandlerSelectors.basePackage("eu.dnetlib.authentication.controllers")) + .paths(PathSelectors.any()) + .build(); + } + private ApiInfo apiInfo() { return new ApiInfoBuilder() .title(this.apiProperties.getTitle()) diff --git a/src/main/java/eu/dnetlib/loginservice/controllers/HealthController.java b/src/main/java/eu/dnetlib/loginservice/controllers/HealthController.java index 1dacdc9..90b6df6 100644 --- a/src/main/java/eu/dnetlib/loginservice/controllers/HealthController.java +++ b/src/main/java/eu/dnetlib/loginservice/controllers/HealthController.java 
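Review bot: `createRestApiLoginCore()` repeats the first Docket's builder chain line for line, differing only in `groupName` and the `basePackage` passed to `RequestHandlerSelectors`; a private helper taking both keeps the two groups configured identically when one of them changes. The first Docket's definition starts outside the hunk, so only the new bean is shown rewritten below.
```java
    @Bean
    public Docket createRestApiLoginCore() {
        return docket("Login Core", "eu.dnetlib.authentication.controllers");
    }

    // Shared builder for the per-group Dockets so every group gets the same apiInfo and path selection.
    private Docket docket(String groupName, String basePackage) {
        return new Docket(DocumentationType.SWAGGER_2)
                .apiInfo(apiInfo())
                .groupName(groupName)
                .select()
                .apis(RequestHandlerSelectors.basePackage(basePackage))
                .paths(PathSelectors.any())
                .build();
    }
    // … unchanged: apiInfo() …
```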
@@ -1,6 +1,7 @@ package eu.dnetlib.loginservice.controllers; -import eu.dnetlib.loginservice.properties.Properties; +import eu.dnetlib.authentication.configuration.AuthenticationConfiguration; +import eu.dnetlib.authentication.configuration.Properties; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.springframework.beans.factory.annotation.Autowired; @@ -9,17 +10,16 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import java.util.HashMap; import java.util.Map; @RestController public class HealthController { private final Logger log = LogManager.getLogger(this.getClass()); - private final Properties properties; + private final AuthenticationConfiguration configuration; @Autowired - public HealthController(Properties properties) { - this.properties = properties; + public HealthController(AuthenticationConfiguration configuration) { + this.configuration = configuration; } @RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET) 
@@ -31,20 +31,6 @@ public class HealthController { @PreAuthorize("hasAnyAuthority('PORTAL_ADMINISTRATOR')") @RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET) public Map checkEverything() { - Map response = new HashMap<>(); - response.put("authentication.domain", properties.getDomain()); - response.put("authentication.keycloak", properties.getKeycloak().toString()); - response.put("authentication.redis.host", properties.getRedis().getHost()); - response.put("authentication.oidc.issuer", properties.getOidc().getIssuer()); - response.put("authentication.oidc.logout", properties.getOidc().getLogout()); - response.put("authentication.oidc.home", properties.getOidc().getHome()); - response.put("authentication.oidc.scope", properties.getOidc().getScope()); - response.put("authentication.oidc.id", properties.getOidc().getId()); - response.put("authentication.oidc.secret", properties.getOidc().getSecret()); - response.put("authentication.session", properties.getSession()); - response.put("authentication.accessToken", properties.getAccessToken()); - response.put("authentication.redirect", properties.getRedirect()); - response.put("authentication.authorities-mappe", properties.getAuthoritiesMapper()); - return response; + return configuration.getProperties(); } } diff --git a/src/main/java/eu/dnetlib/loginservice/controllers/UserController.java b/src/main/java/eu/dnetlib/loginservice/controllers/UserController.java deleted file mode 100644 index 936e02e..0000000 --- a/src/main/java/eu/dnetlib/loginservice/controllers/UserController.java +++ /dev/null 
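Review bot: `checkEverything()` still relies on `@PreAuthorize("hasAnyAuthority('PORTAL_ADMINISTRATOR')")`, but `@EnableGlobalMethodSecurity(prePostEnabled = true, ...)` is deleted together with `WebSecurityConfig` in this same commit; unless `AuthenticationConfiguration` (not visible here) enables method security again, the annotation is silently ignored and `/health_check/advanced` becomes reachable without any role. The value it now returns, `configuration.getProperties()`, is an opaque map, and the removed lines show this endpoint previously included `authentication.oidc.secret`, so confirm the library's map carries neither the client secret nor the Redis password, or strip such entries before returning: `Map<String, Object> safe = new HashMap<>(configuration.getProperties());` / `safe.keySet().removeIf(k -> k.toLowerCase().contains("secret") || k.toLowerCase().contains("password"));` / `return safe;` (this brings back the `java.util.HashMap` import dropped in the previous hunk). A test that requests `/health_check/advanced` unauthenticated and expects 401/403 would pin the authorization behaviour across the library swap. The raw `Map` return type could become `Map<String, Object>` while here.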
@@ -1,25 +0,0 @@
-package eu.dnetlib.loginservice.controllers;
-
-import eu.dnetlib.loginservice.entities.User;
-import eu.dnetlib.loginservice.services.UserInfoService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RestController;
-
-@RestController
-public class UserController {
-
- private final UserInfoService userInfoService;
-
- @Autowired
- public UserController(UserInfoService userInfoService) {
- this.userInfoService = userInfoService;
- }
-
- @RequestMapping(value = "/userInfo", method = RequestMethod.GET)
- public ResponseEntity getUserInfo() {
- return ResponseEntity.ok(userInfoService.getUserInfo());
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/entities/User.java b/src/main/java/eu/dnetlib/loginservice/entities/User.java
deleted file mode 100644
index ca459d1..0000000
--- a/src/main/java/eu/dnetlib/loginservice/entities/User.java
+++ /dev/null
@@ -1,74 +0,0 @@ -package eu.dnetlib.loginservice.entities; - -import org.mitre.openid.connect.model.OIDCAuthenticationToken; -import org.springframework.security.core.GrantedAuthority; - -import java.util.Set; -import java.util.stream.Collectors; - -public class User { - - private String sub; - private String name; - private String given_name; - private String family_name; - private String email; - private Set roles; - - public User(OIDCAuthenticationToken token) { - this.sub = token.getUserInfo().getSub(); - this.name = token.getUserInfo().getName(); - this.given_name = token.getUserInfo().getGivenName(); - this.family_name = token.getUserInfo().getFamilyName(); - this.email = token.getUserInfo().getEmail(); - this.roles = token.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet()); - } - - public String getSub() { - return sub; - } - - public void setSub(String sub) { - this.sub = sub; - } - - public String getName() { - return name; - } - - public void setName(String name) { - this.name = name; - } - - public String getGiven_name() { - return given_name; - } - - public void setGiven_name(String given_name) { - this.given_name = given_name; - } - - public String getFamily_name() { - return family_name; - } - - public void setFamily_name(String family_name) { - this.family_name = family_name; - } - - public String getEmail() { - return email; - } - - public void setEmail(String email) { - this.email = email; - } - - public Set getRoles() { - return roles; - } - - public void setRoles(Set roles) { - this.roles = roles; - } -} diff --git a/src/main/java/eu/dnetlib/loginservice/exception/ResourceNotFoundException.java b/src/main/java/eu/dnetlib/loginservice/exception/ResourceNotFoundException.java deleted file mode 100644 index dfff6f8..0000000 --- a/src/main/java/eu/dnetlib/loginservice/exception/ResourceNotFoundException.java +++ /dev/null 
@@ -1,20 +0,0 @@
-package eu.dnetlib.loginservice.exception;
-import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.ResponseStatus;
-
-@ResponseStatus(value = HttpStatus.NOT_FOUND) // 404
-public class ResourceNotFoundException extends RuntimeException {
-
- public ResourceNotFoundException(String message) {
- super(message);
- }
-
- public ResourceNotFoundException(String message, Throwable err) {
- super(message, err);
- }
-
- public HttpStatus getStatus() {
- return HttpStatus.NOT_FOUND;
- }
-}
-
diff --git a/src/main/java/eu/dnetlib/loginservice/properties/APIProperties.java b/src/main/java/eu/dnetlib/loginservice/properties/APIProperties.java
deleted file mode 100644
index 96e5256..0000000
--- a/src/main/java/eu/dnetlib/loginservice/properties/APIProperties.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package eu.dnetlib.loginservice.properties;
-
-import org.springframework.boot.context.properties.ConfigurationProperties;
-
-@ConfigurationProperties("api")
-public class APIProperties {
-
- private String title;
- private String description;
- private String version;
-
- public APIProperties() {
- }
-
- public String getTitle() {
- return title;
- }
-
- public void setTitle(String title) {
- this.title = title;
- }
-
- public String getDescription() {
- return description;
- }
-
- public void setDescription(String description) {
- this.description = description;
- }
-
- public String getVersion() {
- return version;
- }
-
- public void setVersion(String version) {
- this.version = version;
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/properties/OIDC.java b/src/main/java/eu/dnetlib/loginservice/properties/OIDC.java
deleted file mode 100644
index 114a036..0000000
--- a/src/main/java/eu/dnetlib/loginservice/properties/OIDC.java
+++ /dev/null
@@ -1,59 +0,0 @@ -package eu.dnetlib.loginservice.properties; - -public class OIDC { - - private String issuer; - private String home; - private String id; - private String secret; - private String scope = ""; - private String logout; - - public String getIssuer() { - return issuer; - } - - public void setIssuer(String issuer) { - this.issuer = issuer; - } - - public String getHome() { - return home; - } - - public void setHome(String home) { - this.home = home; - } - - public String getId() { - return id; - } - - public void setId(String id) { - this.id = id; - } - - public String getSecret() { - return secret; - } - - public void setSecret(String secret) { - this.secret = secret; - } - - public String getScope() { - return scope; - } - - public void setScope(String scope) { - this.scope = scope; - } - - public String getLogout() { - return logout; - } - - public void setLogout(String logout) { - this.logout = logout; - } -} diff --git a/src/main/java/eu/dnetlib/loginservice/properties/Properties.java b/src/main/java/eu/dnetlib/loginservice/properties/Properties.java deleted file mode 100644 index f1e0325..0000000 --- a/src/main/java/eu/dnetlib/loginservice/properties/Properties.java +++ /dev/null 
@@ -1,83 +0,0 @@ -package eu.dnetlib.loginservice.properties; - -import org.springframework.boot.context.properties.ConfigurationProperties; - -@ConfigurationProperties("authentication") -public class Properties { - - private Redis redis = new Redis(); - private OIDC oidc = new OIDC(); - private String domain; - private String session; - private String accessToken; - private String redirect; - private String authoritiesMapper; - private Boolean keycloak; - - public Properties() { - } - - public Redis getRedis() { - return redis; - } - - public void setRedis(Redis redis) { - this.redis = redis; - } - - public OIDC getOidc() { - return oidc; - } - - public void setOidc(OIDC oidc) { - this.oidc = oidc; - } - - public String getDomain() { - return domain; - } - - public void setDomain(String domain) { - this.domain = domain; - } - - public String getSession() { - return session; - } - - public void setSession(String session) { - this.session = session; - } - - public String getAccessToken() { - return accessToken; - } - - public void setAccessToken(String accessToken) { - this.accessToken = accessToken; - } - - public String getRedirect() { - return redirect; - } - - public void setRedirect(String redirect) { - this.redirect = redirect; - } - - public String getAuthoritiesMapper() { - return authoritiesMapper; - } - - public void setAuthoritiesMapper(String authoritiesMapper) { - this.authoritiesMapper = authoritiesMapper; - } - - public Boolean getKeycloak() { - return keycloak; - } - - public void setKeycloak(Boolean keycloak) { - this.keycloak = keycloak; - } -} diff --git a/src/main/java/eu/dnetlib/loginservice/properties/Redis.java b/src/main/java/eu/dnetlib/loginservice/properties/Redis.java deleted file mode 100644 index 5ff24a4..0000000 --- a/src/main/java/eu/dnetlib/loginservice/properties/Redis.java +++ /dev/null 
@@ -1,44 +0,0 @@
-package eu.dnetlib.loginservice.properties;
-
-public class Redis {
-
- private String host = "localhost";
- private String port = "6379";
- private String password;
-
- public Redis() {
- }
-
- public String getHost() {
- return host;
- }
-
- public void setHost(String host) {
- this.host = host;
- }
-
- public String getPort() {
- return port;
- }
-
- public void setPort(String port) {
- this.port = port;
- }
-
- public String getPassword() {
- return password;
- }
-
- public void setPassword(String password) {
- this.password = password;
- }
-
- @Override
- public String toString() {
- return "Redis{" +
- "host='" + host + '\'' +
- ", port='" + port + '\'' +
- ", password='" + password + '\'' +
- '}';
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/security/CorsConfig.java b/src/main/java/eu/dnetlib/loginservice/security/CorsConfig.java
deleted file mode 100644
index 230e4d1..0000000
--- a/src/main/java/eu/dnetlib/loginservice/security/CorsConfig.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package eu.dnetlib.loginservice.security;
-
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
-
-@Configuration
-public class CorsConfig extends WebMvcConfigurerAdapter {
-
- @Override
- public void addCorsMappings(CorsRegistry registry) {
- registry.addMapping("/**")
- .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
- .allowCredentials(true);
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/security/RedisConfig.java b/src/main/java/eu/dnetlib/loginservice/security/RedisConfig.java
deleted file mode 100644
index d75f09f..0000000
--- a/src/main/java/eu/dnetlib/loginservice/security/RedisConfig.java
+++ /dev/null
@@ -1,43 +0,0 @@ -package eu.dnetlib.loginservice.security; - -import eu.dnetlib.loginservice.properties.Properties; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; -import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession; -import org.springframework.session.web.http.CookieSerializer; -import org.springframework.session.web.http.DefaultCookieSerializer; - -@EnableRedisHttpSession -@Configuration -public class RedisConfig { - - private final Properties properties; - - private static final Logger logger = LogManager.getLogger(RedisConfig.class); - - @Autowired - public RedisConfig(Properties properties) { - this.properties = properties; - } - - @Bean - public LettuceConnectionFactory connectionFactory() { - logger.info(String.format("Redis connection listens to %s:%s ", properties.getRedis().getHost(), properties.getRedis().getPort())); - LettuceConnectionFactory factory = new LettuceConnectionFactory(properties.getRedis().getHost(), Integer.parseInt(properties.getRedis().getPort())); - if (properties.getRedis().getPassword() != null) factory.setPassword(properties.getRedis().getPassword()); - return factory; - } - - @Bean - public CookieSerializer cookieSerializer() { - DefaultCookieSerializer serializer = new DefaultCookieSerializer(); - serializer.setCookieName(properties.getSession()); - serializer.setCookiePath("/"); - serializer.setDomainName(properties.getDomain()); - return serializer; - } -} diff --git a/src/main/java/eu/dnetlib/loginservice/security/WebSecurityConfig.java b/src/main/java/eu/dnetlib/loginservice/security/WebSecurityConfig.java deleted file mode 100644 index 1277c0c..0000000 
--- a/src/main/java/eu/dnetlib/loginservice/security/WebSecurityConfig.java
+++ /dev/null
@@ -1,82 +0,0 @@ -package eu.dnetlib.loginservice.security; - -import eu.dnetlib.loginservice.properties.Properties; -import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthenticationFilter; -import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthenticationSuccessHandler; -import eu.dnetlib.loginservice.security.oidc.OpenAIRELogoutHandler; -import eu.dnetlib.loginservice.security.oidc.OpenAIRELogoutSuccessHandler; -import eu.dnetlib.loginservice.utils.EntryPoint; -import org.mitre.openid.connect.client.OIDCAuthenticationProvider; -import org.mitre.openid.connect.client.service.ClientConfigurationService; -import org.mitre.openid.connect.client.service.IssuerService; -import org.mitre.openid.connect.client.service.ServerConfigurationService; -import org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder; -import org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; - -@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true) -@EnableWebSecurity -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { - - private final Properties properties; - private final EntryPoint entryPoint; - private final OIDCAuthenticationProvider provider; - private final IssuerService issuerService; - private final ServerConfigurationService serverConfigurationService; - private final ClientConfigurationService clientConfigurationService; - private final 
StaticAuthRequestOptionsService optionsService; - private final PlainAuthRequestUrlBuilder builder; - private final OpenAIREAuthenticationSuccessHandler authenticationSuccessHandler; - private final OpenAIRELogoutHandler logoutHandler; - private final OpenAIRELogoutSuccessHandler logoutSuccessHandler; - - @Autowired - public WebSecurityConfig(Properties properties, EntryPoint entryPoint, OIDCAuthenticationProvider provider, - IssuerService issuerService, ServerConfigurationService serverConfigurationService, - ClientConfigurationService clientConfigurationService, StaticAuthRequestOptionsService optionsService, - PlainAuthRequestUrlBuilder builder, OpenAIREAuthenticationSuccessHandler authenticationSuccessHandler, - OpenAIRELogoutHandler logoutHandler, OpenAIRELogoutSuccessHandler logoutSuccessHandler) { - super(); - this.properties = properties; - this.entryPoint = entryPoint; - this.provider = provider; - this.issuerService = issuerService; - this.serverConfigurationService = serverConfigurationService; - this.clientConfigurationService = clientConfigurationService; - this.optionsService = optionsService; - this.builder = builder; - this.authenticationSuccessHandler = authenticationSuccessHandler; - this.logoutHandler = logoutHandler; - this.logoutSuccessHandler = logoutSuccessHandler; - } - - public OpenAIREAuthenticationFilter initFilter() throws Exception { - OpenAIREAuthenticationFilter filter = new OpenAIREAuthenticationFilter(properties); - filter.setAuthenticationManager(authenticationManagerBean()); - filter.afterPropertiesSet(); - filter.setIssuerService(issuerService); - filter.setServerConfigurationService(serverConfigurationService); - filter.setClientConfigurationService(clientConfigurationService); - filter.setAuthRequestOptionsService(optionsService); - filter.setAuthRequestUrlBuilder(builder); - filter.setAuthenticationSuccessHandler(authenticationSuccessHandler); - return filter; - } - - @Override - protected void configure(HttpSecurity http) 
throws Exception { - http.csrf().disable(); - http.authenticationProvider(provider); - http.addFilterBefore(initFilter(), BasicAuthenticationFilter.class); - http.httpBasic().authenticationEntryPoint(entryPoint); - http.logout().logoutUrl("/openid_logout").addLogoutHandler(logoutHandler) - .logoutSuccessHandler(logoutSuccessHandler).invalidateHttpSession(false); - http.authorizeRequests().anyRequest().permitAll(); - } - -} diff --git a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java deleted file mode 100644 index 8b439cd..0000000 --- a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Configurations.java +++ /dev/null 
@@ -1,61 +0,0 @@ -package eu.dnetlib.loginservice.security.initiliazers; - -import com.sun.org.apache.xpath.internal.operations.Bool; -import eu.dnetlib.loginservice.properties.Properties; -import eu.dnetlib.loginservice.utils.ScopeReader; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.RegisteredClient; -import org.mitre.openid.connect.config.ServerConfiguration; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; - -import java.util.Collections; - -@Configuration -public class Configurations { - - private final Properties properties; - private final ScopeReader scopeReader; - - @Autowired - public Configurations(Properties properties, ScopeReader scopeReader) { - this.properties = properties; - this.scopeReader = scopeReader; - } - - @Bean - public ServerConfiguration serverConfiguration() { - String issuer = properties.getOidc().getIssuer(); - ServerConfiguration serverConfiguration = new ServerConfiguration(); - serverConfiguration.setIssuer(issuer); - Boolean keycloak = properties.getKeycloak(); - - if(keycloak) { - serverConfiguration.setAuthorizationEndpointUri(issuer + "/protocol/openid-connect/auth"); - serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token"); - serverConfiguration.setUserInfoUri(issuer + "/protocol/openid-connect/userinfo"); - serverConfiguration.setJwksUri(issuer + "/protocol/openid-connect/certs"); - } else { - serverConfiguration.setAuthorizationEndpointUri(issuer + "authorize"); - serverConfiguration.setTokenEndpointUri(issuer + "token"); - serverConfiguration.setUserInfoUri(issuer + "userinfo"); - serverConfiguration.setJwksUri(issuer + "jwk"); - } - - serverConfiguration.setRevocationEndpointUri(issuer + "revoke"); - return serverConfiguration; - } - - @Bean - public RegisteredClient 
registeredClient() { - RegisteredClient client = new RegisteredClient(); - client.setClientId(properties.getOidc().getId()); - client.setClientSecret(properties.getOidc().getSecret()); - client.setScope(scopeReader.getScopes()); - client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC); - client.setRedirectUris(Collections.singleton(properties.getOidc().getHome())); - return client; - } -} diff --git a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java deleted file mode 100644 index ca56c8a..0000000 --- a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Primitives.java +++ /dev/null 
@@ -1,68 +0,0 @@ -package eu.dnetlib.loginservice.security.initiliazers; - -import eu.dnetlib.loginservice.properties.Properties; -import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper; -import eu.dnetlib.loginservice.utils.EntryPoint; -import eu.dnetlib.loginservice.utils.ScopeReader; -import org.mitre.openid.connect.client.OIDCAuthenticationProvider; -import org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder; -import org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService; -import org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler; - -@Configuration -public class Primitives { - - private final Properties properties; - private final OpenAIREAuthoritiesMapper authoritiesMapper;; - - @Autowired - public Primitives(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper) { - this.properties = properties; - this.authoritiesMapper = authoritiesMapper; - } - - @Bean - public ScopeReader scopeReader() { - return new ScopeReader(this.properties.getOidc().getScope()); - } - - @Bean - public DefaultWebSecurityExpressionHandler handler() { - return new DefaultWebSecurityExpressionHandler(); - } - - @Bean - public PlainAuthRequestUrlBuilder builder() { - return new PlainAuthRequestUrlBuilder(); - } - - @Bean - public OIDCAuthenticationProvider provider() { - OIDCAuthenticationProvider provider = new OIDCAuthenticationProvider(); - if(this.properties.getAuthoritiesMapper() != null && this.properties.getAuthoritiesMapper().equals("openAIREMapper")) { - provider.setAuthoritiesMapper(this.authoritiesMapper); - } - return provider; - } - - @Bean - public StaticSingleIssuerService issuerService() { - 
StaticSingleIssuerService issuerService = new StaticSingleIssuerService(); - issuerService.setIssuer(properties.getOidc().getIssuer()); - return issuerService; - } - - @Bean - public EntryPoint entryPoint() { - return new EntryPoint(); - } - - @Bean - public StaticAuthRequestOptionsService optionsService() { - return new StaticAuthRequestOptionsService(); - } -} diff --git a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Services.java b/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Services.java deleted file mode 100644 index fe3d541..0000000 --- a/src/main/java/eu/dnetlib/loginservice/security/initiliazers/Services.java +++ /dev/null 
@@ -1,47 +0,0 @@ -package eu.dnetlib.loginservice.security.initiliazers; - -import eu.dnetlib.loginservice.properties.Properties; -import org.mitre.oauth2.model.RegisteredClient; -import org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService; -import org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService; -import org.mitre.openid.connect.config.ServerConfiguration; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; - -import java.util.HashMap; -import java.util.Map; - -@Configuration -public class Services { - - private final Properties properties; - private final ServerConfiguration serverConfiguration; - private final RegisteredClient clientConfiguration; - - @Autowired - public Services(Properties properties, ServerConfiguration serverConfiguration, RegisteredClient clientConfiguration) { - this.properties = properties; - this.serverConfiguration = serverConfiguration; - this.clientConfiguration = clientConfiguration; - } - - - @Bean - public StaticServerConfigurationService serverConfigurationService() { - StaticServerConfigurationService configurationService = new StaticServerConfigurationService(); - Map servers = new HashMap<>(); - servers.put(properties.getOidc().getIssuer(), serverConfiguration); - configurationService.setServers(servers); - return configurationService; - } - - @Bean - public StaticClientConfigurationService clientConfigurationService() { - StaticClientConfigurationService configurationService = new StaticClientConfigurationService(); - Map clients = new HashMap<>(); - clients.put(properties.getOidc().getIssuer(), clientConfiguration); - configurationService.setClients(clients); - return configurationService; - } -} 
diff --git a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIREAuthenticationFilter.java b/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIREAuthenticationFilter.java deleted file mode 100644 index 54b9330..0000000 --- a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIREAuthenticationFilter.java +++ /dev/null @@ -1,28 +0,0 @@ -package eu.dnetlib.loginservice.security.oidc; - -import eu.dnetlib.loginservice.properties.Properties; -import eu.dnetlib.loginservice.utils.Redirect; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; -import org.mitre.openid.connect.client.OIDCAuthenticationFilter; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; - -public class OpenAIREAuthenticationFilter extends OIDCAuthenticationFilter { - - private final static Logger logger = LogManager.getLogger(OpenAIREAuthenticationSuccessHandler.class); - private final Properties properties; - - public OpenAIREAuthenticationFilter(Properties properties) { - super(); - this.properties = properties; - } - - @Override - protected void handleAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { - Redirect.setRedirect(request, properties); - super.handleAuthorizationRequest(request, response); - } -} diff --git a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIREAuthenticationSuccessHandler.java b/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIREAuthenticationSuccessHandler.java deleted file mode 100644 index f17f4c8..0000000 --- a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIREAuthenticationSuccessHandler.java +++ /dev/null 
@@ -1,66 +0,0 @@
-package eu.dnetlib.loginservice.security.oidc;
-
-import com.google.gson.JsonParser;
-import eu.dnetlib.loginservice.properties.Properties;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import org.mitre.openid.connect.model.OIDCAuthenticationToken;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import org.springframework.session.FindByIndexNameSessionRepository;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.util.Base64;
-import java.util.Date;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-@Configuration
-public class OpenAIREAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
-
- private static final Logger logger = LogManager.getLogger(OpenAIREAuthenticationSuccessHandler.class);
- private final Properties properties;
-
- @Autowired
- public OpenAIREAuthenticationSuccessHandler(Properties properties) {
- this.properties = properties;
- }
-
- @Override
- public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
- throws IOException {
- OIDCAuthenticationToken token = (OIDCAuthenticationToken) authentication;
- HttpSession session = request.getSession();
- String redirect = (String) session.getAttribute("redirect");
- session.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, token.getUserInfo().getSub());
- try {
- Cookie accessToken = new Cookie(properties.getAccessToken(), token.getAccessTokenValue());
- String regex = "^([A-Za-z0-9-_=]+)\\.([A-Za-z0-9-_=]+)\\.?([A-Za-z0-9-_.+=]*)$";
- Matcher matcher = Pattern.compile(regex).matcher(token.getAccessTokenValue());
- if (matcher.find()) {
- long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();
- accessToken.setMaxAge((int) (exp - (new Date().getTime() / 1000)));
- } else {
- accessToken.setMaxAge(3600);
- }
- accessToken.setPath("/");
- accessToken.setDomain(properties.getDomain());
- response.addCookie(accessToken);
- if(redirect != null) {
- response.sendRedirect(redirect);
- session.removeAttribute("redirect");
- } else {
- response.sendRedirect(properties.getRedirect());
- }
- } catch (IOException e) {
- logger.error("IOException in redirection ", e);
- throw new IOException(e);
- }
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIREAuthoritiesMapper.java b/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIREAuthoritiesMapper.java
deleted file mode 100644
index 29d7cf9..0000000
--- a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIREAuthoritiesMapper.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package eu.dnetlib.loginservice.security.oidc;
-
-import com.google.gson.JsonArray;
-import com.nimbusds.jwt.JWT;
-import eu.dnetlib.loginservice.utils.AuthoritiesMapper;
-import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
-import org.mitre.openid.connect.model.UserInfo;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.stereotype.Component;
-
-import java.util.Collection;
-
-@Component
-public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper {
-
- @Override
- public Collection mapAuthorities(JWT jwtToken, UserInfo userInfo) {
- JsonArray entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");
- return AuthoritiesMapper.map(entitlements);
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutHandler.java b/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutHandler.java
deleted file mode 100644
index 6648b41..0000000
--- a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutHandler.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package eu.dnetlib.loginservice.security.oidc;
-
-import eu.dnetlib.loginservice.properties.Properties;
-import eu.dnetlib.loginservice.utils.Redirect;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.LogoutHandler;
-import org.springframework.stereotype.Service;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-@Service
-public class OpenAIRELogoutHandler implements LogoutHandler {
-
- private final Properties properties;
-
- @Autowired
- public OpenAIRELogoutHandler(Properties properties) {
- this.properties = properties;
- }
-
- @Override
- public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
- Redirect.setRedirect(request, properties);
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java b/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java
deleted file mode 100644
index 31acd9f..0000000
--- a/src/main/java/eu/dnetlib/loginservice/security/oidc/OpenAIRELogoutSuccessHandler.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package eu.dnetlib.loginservice.security.oidc;
-
-import eu.dnetlib.loginservice.properties.Properties;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
-
-@Configuration
-public class OpenAIRELogoutSuccessHandler implements LogoutSuccessHandler {
-
- private final Properties properties;
-
- @Autowired
- public OpenAIRELogoutSuccessHandler(Properties properties) {
- this.properties = properties;
- }
-
- private String encodeValue(String value) throws UnsupportedEncodingException {
- return URLEncoder.encode(value, StandardCharsets.UTF_8.toString());
- }
-
- @Override
- public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
- HttpSession session = request.getSession();
- String redirect = (String) session.getAttribute("redirect");
- session.removeAttribute("redirect");
- if(redirect == null) {
- redirect = properties.getRedirect();
- }
- session.invalidate();
- response.sendRedirect(properties.getOidc().getLogout() + encodeValue(redirect));
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/services/UserInfoService.java b/src/main/java/eu/dnetlib/loginservice/services/UserInfoService.java
deleted file mode 100644
index d3f93cc..0000000
--- a/src/main/java/eu/dnetlib/loginservice/services/UserInfoService.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package eu.dnetlib.loginservice.services;
-
-import eu.dnetlib.loginservice.entities.User;
-import eu.dnetlib.loginservice.exception.ResourceNotFoundException;
-import org.mitre.openid.connect.model.OIDCAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Service;
-
-@Service
-public class UserInfoService {
-
- public User getUserInfo() throws ResourceNotFoundException {
- Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
- if(authentication instanceof OIDCAuthenticationToken) {
- return new User((OIDCAuthenticationToken) authentication);
- }
- throw new ResourceNotFoundException("No Session has been found");
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/utils/AuthoritiesMapper.java b/src/main/java/eu/dnetlib/loginservice/utils/AuthoritiesMapper.java
deleted file mode 100644
index 5cce7e3..0000000
--- a/src/main/java/eu/dnetlib/loginservice/utils/AuthoritiesMapper.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package eu.dnetlib.loginservice.utils;
-
-import com.google.gson.JsonArray;
-import com.google.gson.JsonElement;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-public class AuthoritiesMapper {
-
- private static final Logger logger = LogManager.getLogger(AuthoritiesMapper.class);
-
- public static Collection map(JsonArray entitlements) {
- HashSet authorities = new HashSet<>();
- String regex = "urn:geant:openaire[.]eu:group:([^:]*):?(.*)?:role=member#aai[.]openaire[.]eu";
- for(JsonElement obj: entitlements) {
- Matcher matcher = Pattern.compile(regex).matcher(obj.getAsString());
- if (matcher.find()) {
- StringBuilder sb = new StringBuilder();
- if(matcher.group(1) != null && matcher.group(1).length() > 0) {
- sb.append(matcher.group(1).replace("+-+", "_").replaceAll("[+.]", "_").toUpperCase());
- }
- if(matcher.group(2).length() > 0) {
- sb.append("_");
- if(matcher.group(2).equals("admins")) {
- sb.append("MANAGER");
- } else {
- sb.append(matcher.group(2).toUpperCase());
- }
- }
- authorities.add(new SimpleGrantedAuthority(sb.toString()));
- }
- }
- return authorities;
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/utils/EntryPoint.java b/src/main/java/eu/dnetlib/loginservice/utils/EntryPoint.java
deleted file mode 100644
index cbd5538..0000000
--- a/src/main/java/eu/dnetlib/loginservice/utils/EntryPoint.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package eu.dnetlib.loginservice.utils;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.AuthenticationEntryPoint;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-public class EntryPoint implements AuthenticationEntryPoint {
-
- @Override
- public void commence(HttpServletRequest request, HttpServletResponse response,
- AuthenticationException authException) throws IOException {
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
- }
-
-}
-
diff --git a/src/main/java/eu/dnetlib/loginservice/utils/Redirect.java b/src/main/java/eu/dnetlib/loginservice/utils/Redirect.java
deleted file mode 100644
index fb61680..0000000
--- a/src/main/java/eu/dnetlib/loginservice/utils/Redirect.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package eu.dnetlib.loginservice.utils;
-
-
-import eu.dnetlib.loginservice.properties.Properties;
-import org.apache.http.client.utils.URIBuilder;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.net.URISyntaxException;
-import java.util.Enumeration;
-
-public class Redirect {
-
- private final static Logger logger = LogManager.getLogger(Redirect.class);
-
- private static String getDomain(String url) throws URISyntaxException {
- URIBuilder uriBuilder = new URIBuilder(url);
- return uriBuilder.getHost();
- }
-
- public static void setRedirect(HttpServletRequest request, Properties properties) {
- HttpSession session = request.getSession();
- Enumeration params = request.getParameterNames();
- while (params.hasMoreElements()) {
- String param = params.nextElement();
- if(param.equalsIgnoreCase("redirect")) {
- String redirect = request.getParameter(param);
- try {
- if(getDomain(redirect).endsWith(properties.getDomain())) {
- session.setAttribute("redirect", redirect);
- }
- } catch (URISyntaxException e) {
- logger.error(e.getMessage());
- }
- }
- }
- }
-}
diff --git a/src/main/java/eu/dnetlib/loginservice/utils/ScopeReader.java b/src/main/java/eu/dnetlib/loginservice/utils/ScopeReader.java
deleted file mode 100644
index 096361e..0000000
--- a/src/main/java/eu/dnetlib/loginservice/utils/ScopeReader.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package eu.dnetlib.loginservice.utils;
-
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-public class ScopeReader {
-
- Set scopes;
-
- public ScopeReader(String property) {
- if (!property.trim().isEmpty()){
- scopes = new HashSet<>();
- Collections.addAll(scopes, property.split(","));
- }
- }
-
- public Set getScopes() {
- return scopes;
- }
-
- public void setScopes(Set scopes) {
- this.scopes = scopes;
- }
-}
diff --git a/src/main/resources/authentication.properties b/src/main/resources/authentication.properties
deleted file mode 100644
index 07868b3..0000000
--- a/src/main/resources/authentication.properties
+++ /dev/null
@@ -1,21 +0,0 @@
-authentication.domain=di.uoa.gr
-
-authentication.keycloak=false
-authentication.oidc.issuer=https://aai.openaire.eu/oidc/
-authentication.oidc.logout=https://aai.openaire.eu/proxy/saml2/idp/SingleLogoutService.php?ReturnTo=
-authentication.oidc.home=http://mpagasas.di.uoa.gr:19080/login-service/openid_connect_login
-authentication.oidc.scope=openid,profile,email,eduperson_entitlement
-authentication.oidc.id=id
-authentication.oidc.secret=secret
-
-authentication.session=openAIRESession
-authentication.accessToken=AccessToken
-authentication.redirect=http://mpagasas.di.uoa.gr:4600/reload
-
-# Currently, this is the only available mapper, set to null or anything else will ignore this.
-authentication.authorities-mapper=openAIREMapper
-
-## API Documentation Properties
-api.title = Login Service
-api.description = Login service provides methods to authenticate users through AAI provider and retrieve information of authenticated user.
-api.version = ${project.version}
\ No newline at end of file
diff --git a/src/main/resources/login-service.properties b/src/main/resources/login-service.properties
new file mode 100644
index 0000000..b899e3d
--- /dev/null
+++ b/src/main/resources/login-service.properties
@@ -0,0 +1,4 @@
+## API Documentation Properties
+api.title = Login Service
+api.description = Login service provides methods to authenticate users through AAI provider and retrieve information of authenticated user.
+api.version = ${project.version}