Compare commits
36 Commits
login-serv
...
master
90
pom.xml
90
pom.xml
|
@ -3,75 +3,41 @@
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<parent>
|
<parent>
|
||||||
<groupId>eu.dnetlib</groupId>
|
<groupId>eu.dnetlib</groupId>
|
||||||
<artifactId>dnet45-parent</artifactId>
|
<artifactId>uoa-spring-boot-parent</artifactId>
|
||||||
<version>1.0.0</version>
|
<version>1.0.0</version>
|
||||||
</parent>
|
</parent>
|
||||||
<artifactId>login-service</artifactId>
|
<artifactId>login-service</artifactId>
|
||||||
<version>1.0.1</version>
|
<version>1.0.6-SNAPSHOT</version>
|
||||||
<packaging>war</packaging>
|
<packaging>war</packaging>
|
||||||
<name>login-service</name>
|
<name>login-service</name>
|
||||||
<description>login-service</description>
|
<description>login-service</description>
|
||||||
<properties>
|
|
||||||
<java.version>1.8</java.version>
|
|
||||||
</properties>
|
|
||||||
<scm>
|
<scm>
|
||||||
<url>https://code-repo.d4science.org/MaDgIK/login-service</url>
|
|
||||||
<connection>scm:git:gitea@code-repo.d4science.org:MaDgIK/login-service.git</connection>
|
|
||||||
<developerConnection>scm:git:gitea@code-repo.d4science.org:MaDgIK/login-service.git</developerConnection>
|
<developerConnection>scm:git:gitea@code-repo.d4science.org:MaDgIK/login-service.git</developerConnection>
|
||||||
<tag>login-service-1.0.1</tag>
|
<tag>HEAD</tag>
|
||||||
</scm>
|
</scm>
|
||||||
<dependencyManagement>
|
<properties>
|
||||||
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||||
|
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
||||||
|
<timestamp>${maven.build.timestamp}</timestamp>
|
||||||
|
<maven.build.timestamp.format>E MMM dd HH:mm:ss z yyyy</maven.build.timestamp.format>
|
||||||
|
</properties>
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>eu.dnetlib</groupId>
|
||||||
<artifactId>spring-boot-dependencies</artifactId>
|
<artifactId>uoa-login-core</artifactId>
|
||||||
<version>1.5.8.RELEASE</version>
|
<version>2.1.1</version>
|
||||||
<type>pom</type>
|
|
||||||
<scope>import</scope>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
<!--swagger-->
|
||||||
</dependencyManagement>
|
|
||||||
<dependencies>
|
|
||||||
<!-- Spring Boot -->
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>io.springfox</groupId>
|
||||||
<artifactId>spring-boot-starter-web</artifactId>
|
<artifactId>springfox-swagger2</artifactId>
|
||||||
|
<version>${swagger-version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<!--swagger official ui-->
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>io.springfox</groupId>
|
||||||
<artifactId>spring-boot-starter-tomcat</artifactId>
|
<artifactId>springfox-swagger-ui</artifactId>
|
||||||
<scope>provided</scope>
|
<version>${swagger-version}</version>
|
||||||
</dependency>
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.springframework.boot</groupId>
|
|
||||||
<artifactId>spring-boot-starter-test</artifactId>
|
|
||||||
<scope>test</scope>
|
|
||||||
</dependency>
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.springframework.boot</groupId>
|
|
||||||
<artifactId>spring-boot-starter-security</artifactId>
|
|
||||||
</dependency>
|
|
||||||
<!-- Redis -->
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.springframework.session</groupId>
|
|
||||||
<artifactId>spring-session-data-redis</artifactId>
|
|
||||||
</dependency>
|
|
||||||
<dependency>
|
|
||||||
<groupId>biz.paluch.redis</groupId>
|
|
||||||
<artifactId>lettuce</artifactId>
|
|
||||||
<version>4.3.3.Final</version>
|
|
||||||
</dependency>
|
|
||||||
<!-- Mitre -->
|
|
||||||
<dependency>
|
|
||||||
<groupId>org.mitre</groupId>
|
|
||||||
<artifactId>openid-connect-client</artifactId>
|
|
||||||
<version>1.3.0</version>
|
|
||||||
<exclusions>
|
|
||||||
<exclusion>
|
|
||||||
<groupId>org.bouncycastle</groupId>
|
|
||||||
<artifactId>bcprov-jdk15on</artifactId>
|
|
||||||
</exclusion>
|
|
||||||
</exclusions>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
<build>
|
<build>
|
||||||
|
@ -82,6 +48,22 @@
|
||||||
</resource>
|
</resource>
|
||||||
</resources>
|
</resources>
|
||||||
<plugins>
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-maven-plugin</artifactId>
|
||||||
|
<version>${spring-boot-version}</version>
|
||||||
|
<configuration>
|
||||||
|
<mainClass>eu.dnetlib.loginservice.LoginServiceApplication</mainClass>
|
||||||
|
<executable>true</executable>
|
||||||
|
</configuration>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<goals>
|
||||||
|
<goal>repackage</goal>
|
||||||
|
</goals>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
<plugin>
|
<plugin>
|
||||||
<artifactId>maven-war-plugin</artifactId>
|
<artifactId>maven-war-plugin</artifactId>
|
||||||
<version>2.6</version>
|
<version>2.6</version>
|
||||||
|
|
|
@ -1,18 +1,23 @@
|
||||||
package eu.dnetlib.loginservice;
|
package eu.dnetlib.loginservice;
|
||||||
|
|
||||||
|
import eu.dnetlib.authentication.configuration.AuthenticationConfiguration;
|
||||||
|
import eu.dnetlib.loginservice.configuration.APIProperties;
|
||||||
|
import eu.dnetlib.loginservice.configuration.GlobalVars;
|
||||||
import org.springframework.boot.SpringApplication;
|
import org.springframework.boot.SpringApplication;
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||||
|
import org.springframework.context.annotation.Import;
|
||||||
import org.springframework.context.annotation.PropertySource;
|
import org.springframework.context.annotation.PropertySource;
|
||||||
import org.springframework.context.annotation.PropertySources;
|
import org.springframework.context.annotation.PropertySources;
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
|
|
||||||
@SpringBootApplication(scanBasePackages = {"eu.dnetlib.loginservice"})
|
@SpringBootApplication(scanBasePackages = {"eu.dnetlib.loginservice"})
|
||||||
@PropertySources({
|
@PropertySources({
|
||||||
@PropertySource("classpath:authentication.properties"),
|
@PropertySource("classpath:authentication.properties"),
|
||||||
|
@PropertySource("classpath:login-service.properties"),
|
||||||
@PropertySource(value = "classpath:dnet-override.properties", ignoreResourceNotFound = true)
|
@PropertySource(value = "classpath:dnet-override.properties", ignoreResourceNotFound = true)
|
||||||
})
|
})
|
||||||
@EnableConfigurationProperties({Properties.class})
|
@Import({AuthenticationConfiguration.class})
|
||||||
|
@EnableConfigurationProperties({APIProperties.class, GlobalVars.class})
|
||||||
public class LoginServiceApplication {
|
public class LoginServiceApplication {
|
||||||
|
|
||||||
public static void main(String[] args) {
|
public static void main(String[] args) {
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
package eu.dnetlib.loginservice.configuration;
|
||||||
|
|
||||||
|
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||||
|
|
||||||
|
@ConfigurationProperties("api")
|
||||||
|
public class APIProperties {
|
||||||
|
|
||||||
|
private String title;
|
||||||
|
private String description;
|
||||||
|
private String version;
|
||||||
|
|
||||||
|
public APIProperties() {
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getTitle() {
|
||||||
|
return title;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTitle(String title) {
|
||||||
|
this.title = title;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getDescription() {
|
||||||
|
return description;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setDescription(String description) {
|
||||||
|
this.description = description;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getVersion() {
|
||||||
|
return version;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setVersion(String version) {
|
||||||
|
this.version = version;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,31 @@
|
||||||
|
package eu.dnetlib.loginservice.configuration;
|
||||||
|
|
||||||
|
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||||
|
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
|
@ConfigurationProperties("login-service.globalVars")
|
||||||
|
public class GlobalVars {
|
||||||
|
public static Date date = new Date();
|
||||||
|
private Date buildDate;
|
||||||
|
private String version;
|
||||||
|
|
||||||
|
public String getBuildDate() {
|
||||||
|
if(buildDate == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return buildDate.toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setBuildDate(Date buildDate) {
|
||||||
|
this.buildDate = buildDate;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getVersion() {
|
||||||
|
return version;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setVersion(String version) {
|
||||||
|
this.version = version;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,78 @@
|
||||||
|
package eu.dnetlib.loginservice.configuration;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.context.annotation.Profile;
|
||||||
|
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
|
||||||
|
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
|
||||||
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||||
|
import springfox.documentation.builders.ApiInfoBuilder;
|
||||||
|
import springfox.documentation.builders.PathSelectors;
|
||||||
|
import springfox.documentation.builders.RequestHandlerSelectors;
|
||||||
|
import springfox.documentation.service.ApiInfo;
|
||||||
|
import springfox.documentation.spi.DocumentationType;
|
||||||
|
import springfox.documentation.spring.web.plugins.Docket;
|
||||||
|
import springfox.documentation.swagger2.annotations.EnableSwagger2;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Swagger configuration class
|
||||||
|
*/
|
||||||
|
@Configuration
|
||||||
|
@Profile({"swagger"})
|
||||||
|
@EnableSwagger2
|
||||||
|
public class SwaggerConfig extends WebMvcConfigurerAdapter {
|
||||||
|
|
||||||
|
private final APIProperties apiProperties;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
public SwaggerConfig(APIProperties apiProperties) {
|
||||||
|
this.apiProperties = apiProperties;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public Docket createRestApi() {
|
||||||
|
return new Docket(DocumentationType.SWAGGER_2)
|
||||||
|
.apiInfo(apiInfo())
|
||||||
|
.select()
|
||||||
|
.apis(RequestHandlerSelectors.basePackage("eu.dnetlib.loginservice.controllers"))
|
||||||
|
.paths(PathSelectors.any())
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public Docket createRestApiLoginCore() {
|
||||||
|
return new Docket(DocumentationType.SWAGGER_2)
|
||||||
|
.apiInfo(apiInfo())
|
||||||
|
.groupName("Login Core")
|
||||||
|
.select()
|
||||||
|
.apis(RequestHandlerSelectors.basePackage("eu.dnetlib.authentication.controllers"))
|
||||||
|
.paths(PathSelectors.any())
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
private ApiInfo apiInfo() {
|
||||||
|
return new ApiInfoBuilder()
|
||||||
|
.title(this.apiProperties.getTitle())
|
||||||
|
.description(this.apiProperties.getDescription())
|
||||||
|
.version(this.apiProperties.getVersion())
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addViewControllers(ViewControllerRegistry registry) {
|
||||||
|
registry.addRedirectViewController("/v2/api-docs", "/v2/api-docs");
|
||||||
|
registry.addRedirectViewController("/swagger-resources/configuration/ui", "/swagger-resources/configuration/ui");
|
||||||
|
registry.addRedirectViewController("/swagger-resources/configuration/security", "/swagger-resources/configuration/security");
|
||||||
|
registry.addRedirectViewController("/swagger-resources", "/swagger-resources");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addResourceHandlers(ResourceHandlerRegistry registry) {
|
||||||
|
registry.addResourceHandler("/swagger-ui.html**").addResourceLocations("classpath:/META-INF/resources/swagger-ui.html");
|
||||||
|
registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
|
@ -1,17 +1,46 @@
|
||||||
package eu.dnetlib.loginservice.controllers;
|
package eu.dnetlib.loginservice.controllers;
|
||||||
|
|
||||||
import org.apache.log4j.Logger;
|
import eu.dnetlib.loginservice.configuration.GlobalVars;
|
||||||
|
import org.apache.logging.log4j.LogManager;
|
||||||
|
import org.apache.logging.log4j.Logger;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
public class HealthController {
|
public class HealthController {
|
||||||
private final Logger log = Logger.getLogger(this.getClass());
|
private final Logger log = LogManager.getLogger(this.getClass());
|
||||||
|
private final GlobalVars globalVars;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
public HealthController(GlobalVars globalVars) {
|
||||||
|
this.globalVars = globalVars;
|
||||||
|
}
|
||||||
|
|
||||||
@RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET)
|
@RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET)
|
||||||
public String hello() {
|
public String hello() {
|
||||||
log.debug("Hello from Login service!");
|
log.debug("Hello from Login service!");
|
||||||
return "Hello from Login service!";
|
return "Hello from Login service!";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@PreAuthorize("hasAnyAuthority('PORTAL_ADMINISTRATOR')")
|
||||||
|
@RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)
|
||||||
|
public Map<String, String> checkEverything() {
|
||||||
|
Map<String, String> response = new HashMap<>();
|
||||||
|
if(GlobalVars.date != null) {
|
||||||
|
response.put("Date of deploy", eu.dnetlib.authentication.configuration.GlobalVars.date.toString());
|
||||||
|
}
|
||||||
|
if(globalVars.getBuildDate() != null) {
|
||||||
|
response.put("Date of build", globalVars.getBuildDate());
|
||||||
|
}
|
||||||
|
if (globalVars.getVersion() != null) {
|
||||||
|
response.put("Version", globalVars.getVersion());
|
||||||
|
}
|
||||||
|
return response;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.controllers;
|
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.entities.User;
|
|
||||||
import eu.dnetlib.loginservice.exception.ResourceNotFoundException;
|
|
||||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
|
||||||
import org.springframework.http.ResponseEntity;
|
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
|
||||||
|
|
||||||
@RestController
|
|
||||||
public class UserController {
|
|
||||||
|
|
||||||
@RequestMapping(value = "/userInfo", method = RequestMethod.GET)
|
|
||||||
public ResponseEntity<User> getUserInfo(Authentication authentication) {
|
|
||||||
if(authentication instanceof OIDCAuthenticationToken) {
|
|
||||||
return ResponseEntity.ok(new User((OIDCAuthenticationToken) authentication));
|
|
||||||
}
|
|
||||||
throw new ResourceNotFoundException("No Session has been found");
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,74 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.entities;
|
|
||||||
|
|
||||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
|
||||||
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
|
|
||||||
public class User {
|
|
||||||
|
|
||||||
private String sub;
|
|
||||||
private String name;
|
|
||||||
private String given_name;
|
|
||||||
private String family_name;
|
|
||||||
private String email;
|
|
||||||
private Set<String> roles;
|
|
||||||
|
|
||||||
public User(OIDCAuthenticationToken token) {
|
|
||||||
this.sub = token.getUserInfo().getSub();
|
|
||||||
this.name = token.getUserInfo().getName();
|
|
||||||
this.given_name = token.getUserInfo().getGivenName();
|
|
||||||
this.family_name = token.getUserInfo().getFamilyName();
|
|
||||||
this.email = token.getUserInfo().getEmail();
|
|
||||||
this.roles = token.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getSub() {
|
|
||||||
return sub;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setSub(String sub) {
|
|
||||||
this.sub = sub;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getName() {
|
|
||||||
return name;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setName(String name) {
|
|
||||||
this.name = name;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getGiven_name() {
|
|
||||||
return given_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setGiven_name(String given_name) {
|
|
||||||
this.given_name = given_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getFamily_name() {
|
|
||||||
return family_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setFamily_name(String family_name) {
|
|
||||||
this.family_name = family_name;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getEmail() {
|
|
||||||
return email;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setEmail(String email) {
|
|
||||||
this.email = email;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Set<String> getRoles() {
|
|
||||||
return roles;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setRoles(Set<String> roles) {
|
|
||||||
this.roles = roles;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,20 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.exception;
|
|
||||||
import org.springframework.http.HttpStatus;
|
|
||||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
|
||||||
|
|
||||||
@ResponseStatus(value = HttpStatus.NOT_FOUND) // 404
|
|
||||||
public class ResourceNotFoundException extends RuntimeException {
|
|
||||||
|
|
||||||
public ResourceNotFoundException(String message) {
|
|
||||||
super(message);
|
|
||||||
}
|
|
||||||
|
|
||||||
public ResourceNotFoundException(String message, Throwable err) {
|
|
||||||
super(message, err);
|
|
||||||
}
|
|
||||||
|
|
||||||
public HttpStatus getStatus() {
|
|
||||||
return HttpStatus.NOT_FOUND;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,59 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.properties;
|
|
||||||
|
|
||||||
public class OIDC {
|
|
||||||
|
|
||||||
private String issuer;
|
|
||||||
private String home;
|
|
||||||
private String id;
|
|
||||||
private String secret;
|
|
||||||
private String scope = "";
|
|
||||||
private String logout;
|
|
||||||
|
|
||||||
public String getIssuer() {
|
|
||||||
return issuer;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setIssuer(String issuer) {
|
|
||||||
this.issuer = issuer;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getHome() {
|
|
||||||
return home;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setHome(String home) {
|
|
||||||
this.home = home;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getId() {
|
|
||||||
return id;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setId(String id) {
|
|
||||||
this.id = id;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getSecret() {
|
|
||||||
return secret;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setSecret(String secret) {
|
|
||||||
this.secret = secret;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getScope() {
|
|
||||||
return scope;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setScope(String scope) {
|
|
||||||
this.scope = scope;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getLogout() {
|
|
||||||
return logout;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setLogout(String logout) {
|
|
||||||
this.logout = logout;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,56 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.properties;
|
|
||||||
|
|
||||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
|
||||||
|
|
||||||
@ConfigurationProperties("authentication")
|
|
||||||
public class Properties {
|
|
||||||
|
|
||||||
private Redis redis = new Redis();
|
|
||||||
private OIDC oidc = new OIDC();
|
|
||||||
private String domain;
|
|
||||||
private String session;
|
|
||||||
private String redirect;
|
|
||||||
|
|
||||||
public Properties() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public Redis getRedis() {
|
|
||||||
return redis;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setRedis(Redis redis) {
|
|
||||||
this.redis = redis;
|
|
||||||
}
|
|
||||||
|
|
||||||
public OIDC getOidc() {
|
|
||||||
return oidc;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setOidc(OIDC oidc) {
|
|
||||||
this.oidc = oidc;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getDomain() {
|
|
||||||
return domain;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setDomain(String domain) {
|
|
||||||
this.domain = domain;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getSession() {
|
|
||||||
return session;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setSession(String session) {
|
|
||||||
this.session = session;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getRedirect() {
|
|
||||||
return redirect;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setRedirect(String redirect) {
|
|
||||||
this.redirect = redirect;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,44 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.properties;
|
|
||||||
|
|
||||||
public class Redis {
|
|
||||||
|
|
||||||
private String host = "localhost";
|
|
||||||
private String port = "6379";
|
|
||||||
private String password;
|
|
||||||
|
|
||||||
public Redis() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getHost() {
|
|
||||||
return host;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setHost(String host) {
|
|
||||||
this.host = host;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getPort() {
|
|
||||||
return port;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setPort(String port) {
|
|
||||||
this.port = port;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getPassword() {
|
|
||||||
return password;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setPassword(String password) {
|
|
||||||
this.password = password;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String toString() {
|
|
||||||
return "Redis{" +
|
|
||||||
"host='" + host + '\'' +
|
|
||||||
", port='" + port + '\'' +
|
|
||||||
", password='" + password + '\'' +
|
|
||||||
'}';
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,16 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security;
|
|
||||||
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.web.servlet.config.annotation.CorsRegistry;
|
|
||||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
public class CorsConfig extends WebMvcConfigurerAdapter {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void addCorsMappings(CorsRegistry registry) {
|
|
||||||
registry.addMapping("/**")
|
|
||||||
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
|
|
||||||
.allowCredentials(true);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,42 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security;
|
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
import org.apache.log4j.Logger;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.context.annotation.Bean;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
|
|
||||||
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
|
|
||||||
import org.springframework.session.web.http.CookieSerializer;
|
|
||||||
import org.springframework.session.web.http.DefaultCookieSerializer;
|
|
||||||
|
|
||||||
@EnableRedisHttpSession
|
|
||||||
@Configuration
|
|
||||||
public class RedisConfig {
|
|
||||||
|
|
||||||
private final Properties properties;
|
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(RedisConfig.class);
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public RedisConfig(Properties properties) {
|
|
||||||
this.properties = properties;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public LettuceConnectionFactory connectionFactory() {
|
|
||||||
logger.info(String.format("Redis connection listens to %s:%s ", properties.getRedis().getHost(), properties.getRedis().getPort()));
|
|
||||||
LettuceConnectionFactory factory = new LettuceConnectionFactory(properties.getRedis().getHost(), Integer.parseInt(properties.getRedis().getPort()));
|
|
||||||
if (properties.getRedis().getPassword() != null) factory.setPassword(properties.getRedis().getPassword());
|
|
||||||
return factory;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public CookieSerializer cookieSerializer() {
|
|
||||||
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
|
|
||||||
serializer.setCookieName(properties.getSession());
|
|
||||||
serializer.setCookiePath("/");
|
|
||||||
serializer.setDomainName(properties.getDomain());
|
|
||||||
return serializer;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,82 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security;
|
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthenticationFilter;
|
|
||||||
import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthenticationSuccessHandler;
|
|
||||||
import eu.dnetlib.loginservice.security.oidc.OpenAIRELogoutHandler;
|
|
||||||
import eu.dnetlib.loginservice.security.oidc.OpenAIRELogoutSuccessHandler;
|
|
||||||
import eu.dnetlib.loginservice.utils.EntryPoint;
|
|
||||||
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
|
|
||||||
import org.mitre.openid.connect.client.service.ClientConfigurationService;
|
|
||||||
import org.mitre.openid.connect.client.service.IssuerService;
|
|
||||||
import org.mitre.openid.connect.client.service.ServerConfigurationService;
|
|
||||||
import org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder;
|
|
||||||
import org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
|
||||||
|
|
||||||
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)
|
|
||||||
@EnableWebSecurity
|
|
||||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
|
||||||
|
|
||||||
private final Properties properties;
|
|
||||||
private final EntryPoint entryPoint;
|
|
||||||
private final OIDCAuthenticationProvider provider;
|
|
||||||
private final IssuerService issuerService;
|
|
||||||
private final ServerConfigurationService serverConfigurationService;
|
|
||||||
private final ClientConfigurationService clientConfigurationService;
|
|
||||||
private final StaticAuthRequestOptionsService optionsService;
|
|
||||||
private final PlainAuthRequestUrlBuilder builder;
|
|
||||||
private final OpenAIREAuthenticationSuccessHandler authenticationSuccessHandler;
|
|
||||||
private final OpenAIRELogoutHandler logoutHandler;
|
|
||||||
private final OpenAIRELogoutSuccessHandler logoutSuccessHandler;
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public WebSecurityConfig(Properties properties, EntryPoint entryPoint, OIDCAuthenticationProvider provider,
|
|
||||||
IssuerService issuerService, ServerConfigurationService serverConfigurationService,
|
|
||||||
ClientConfigurationService clientConfigurationService, StaticAuthRequestOptionsService optionsService,
|
|
||||||
PlainAuthRequestUrlBuilder builder, OpenAIREAuthenticationSuccessHandler authenticationSuccessHandler,
|
|
||||||
OpenAIRELogoutHandler logoutHandler, OpenAIRELogoutSuccessHandler logoutSuccessHandler) {
|
|
||||||
super();
|
|
||||||
this.properties = properties;
|
|
||||||
this.entryPoint = entryPoint;
|
|
||||||
this.provider = provider;
|
|
||||||
this.issuerService = issuerService;
|
|
||||||
this.serverConfigurationService = serverConfigurationService;
|
|
||||||
this.clientConfigurationService = clientConfigurationService;
|
|
||||||
this.optionsService = optionsService;
|
|
||||||
this.builder = builder;
|
|
||||||
this.authenticationSuccessHandler = authenticationSuccessHandler;
|
|
||||||
this.logoutHandler = logoutHandler;
|
|
||||||
this.logoutSuccessHandler = logoutSuccessHandler;
|
|
||||||
}
|
|
||||||
|
|
||||||
public OpenAIREAuthenticationFilter initFilter() throws Exception {
|
|
||||||
OpenAIREAuthenticationFilter filter = new OpenAIREAuthenticationFilter(properties);
|
|
||||||
filter.setAuthenticationManager(authenticationManagerBean());
|
|
||||||
filter.afterPropertiesSet();
|
|
||||||
filter.setIssuerService(issuerService);
|
|
||||||
filter.setServerConfigurationService(serverConfigurationService);
|
|
||||||
filter.setClientConfigurationService(clientConfigurationService);
|
|
||||||
filter.setAuthRequestOptionsService(optionsService);
|
|
||||||
filter.setAuthRequestUrlBuilder(builder);
|
|
||||||
filter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
|
|
||||||
return filter;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
|
||||||
http.csrf().disable();
|
|
||||||
http.authenticationProvider(provider);
|
|
||||||
http.addFilterBefore(initFilter(), BasicAuthenticationFilter.class);
|
|
||||||
http.httpBasic().authenticationEntryPoint(entryPoint);
|
|
||||||
http.logout().logoutUrl("/openid_logout").addLogoutHandler(logoutHandler)
|
|
||||||
.logoutSuccessHandler(logoutSuccessHandler).invalidateHttpSession(false);
|
|
||||||
http.authorizeRequests().anyRequest().permitAll();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,49 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security.initiliazers;
|
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
import eu.dnetlib.loginservice.utils.ScopeReader;
|
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
|
||||||
import org.mitre.oauth2.model.RegisteredClient;
|
|
||||||
import org.mitre.openid.connect.config.ServerConfiguration;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.context.annotation.Bean;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
|
|
||||||
import java.util.Collections;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
public class Configurations {
|
|
||||||
|
|
||||||
private final Properties properties;
|
|
||||||
private final ScopeReader scopeReader;
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public Configurations(Properties properties, ScopeReader scopeReader) {
|
|
||||||
this.properties = properties;
|
|
||||||
this.scopeReader = scopeReader;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public ServerConfiguration serverConfiguration() {
|
|
||||||
String issuer = properties.getOidc().getIssuer();
|
|
||||||
ServerConfiguration serverConfiguration = new ServerConfiguration();
|
|
||||||
serverConfiguration.setIssuer(issuer);
|
|
||||||
serverConfiguration.setAuthorizationEndpointUri(issuer + "authorize");
|
|
||||||
serverConfiguration.setTokenEndpointUri(issuer + "token");
|
|
||||||
serverConfiguration.setUserInfoUri(issuer + "userinfo");
|
|
||||||
serverConfiguration.setJwksUri(issuer + "jwk");
|
|
||||||
serverConfiguration.setRevocationEndpointUri(issuer + "revoke");
|
|
||||||
return serverConfiguration;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public RegisteredClient registeredClient() {
|
|
||||||
RegisteredClient client = new RegisteredClient();
|
|
||||||
client.setClientId(properties.getOidc().getId());
|
|
||||||
client.setClientSecret(properties.getOidc().getSecret());
|
|
||||||
client.setScope(scopeReader.getScopes());
|
|
||||||
client.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
|
|
||||||
client.setRedirectUris(Collections.singleton(properties.getOidc().getHome()));
|
|
||||||
return client;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,68 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security.initiliazers;
|
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
import eu.dnetlib.loginservice.security.oidc.OpenAIREAuthoritiesMapper;
|
|
||||||
import eu.dnetlib.loginservice.utils.EntryPoint;
|
|
||||||
import eu.dnetlib.loginservice.utils.ScopeReader;
|
|
||||||
import org.mitre.openid.connect.client.OIDCAuthenticationFilter;
|
|
||||||
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
|
|
||||||
import org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder;
|
|
||||||
import org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService;
|
|
||||||
import org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.context.annotation.Bean;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
|
|
||||||
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
public class Primitives {
|
|
||||||
|
|
||||||
private final Properties properties;
|
|
||||||
private final OpenAIREAuthoritiesMapper authoritiesMapper;;
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public Primitives(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper) {
|
|
||||||
this.properties = properties;
|
|
||||||
this.authoritiesMapper = authoritiesMapper;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public ScopeReader scopeReader() {
|
|
||||||
return new ScopeReader(this.properties.getOidc().getScope());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public DefaultWebSecurityExpressionHandler handler() {
|
|
||||||
return new DefaultWebSecurityExpressionHandler();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public PlainAuthRequestUrlBuilder builder() {
|
|
||||||
return new PlainAuthRequestUrlBuilder();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public OIDCAuthenticationProvider provider() {
|
|
||||||
OIDCAuthenticationProvider provider = new OIDCAuthenticationProvider();
|
|
||||||
provider.setAuthoritiesMapper(authoritiesMapper);
|
|
||||||
return provider;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public StaticSingleIssuerService issuerService() {
|
|
||||||
StaticSingleIssuerService issuerService = new StaticSingleIssuerService();
|
|
||||||
issuerService.setIssuer(properties.getOidc().getIssuer());
|
|
||||||
return issuerService;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public EntryPoint entryPoint() {
|
|
||||||
return new EntryPoint();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public StaticAuthRequestOptionsService optionsService() {
|
|
||||||
return new StaticAuthRequestOptionsService();
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,48 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security.initiliazers;
|
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
import eu.dnetlib.loginservice.utils.ScopeReader;
|
|
||||||
import org.mitre.oauth2.model.RegisteredClient;
|
|
||||||
import org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService;
|
|
||||||
import org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService;
|
|
||||||
import org.mitre.openid.connect.config.ServerConfiguration;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.context.annotation.Bean;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
public class Services {
|
|
||||||
|
|
||||||
private final Properties properties;
|
|
||||||
private final ServerConfiguration serverConfiguration;
|
|
||||||
private final RegisteredClient clientConfiguration;
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public Services(Properties properties, ServerConfiguration serverConfiguration, RegisteredClient clientConfiguration) {
|
|
||||||
this.properties = properties;
|
|
||||||
this.serverConfiguration = serverConfiguration;
|
|
||||||
this.clientConfiguration = clientConfiguration;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public StaticServerConfigurationService serverConfigurationService() {
|
|
||||||
StaticServerConfigurationService configurationService = new StaticServerConfigurationService();
|
|
||||||
Map<String, ServerConfiguration> servers = new HashMap<>();
|
|
||||||
servers.put(properties.getOidc().getIssuer(), serverConfiguration);
|
|
||||||
configurationService.setServers(servers);
|
|
||||||
return configurationService;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public StaticClientConfigurationService clientConfigurationService() {
|
|
||||||
StaticClientConfigurationService configurationService = new StaticClientConfigurationService();
|
|
||||||
Map<String, RegisteredClient> clients = new HashMap<>();
|
|
||||||
clients.put(properties.getOidc().getIssuer(), clientConfiguration);
|
|
||||||
configurationService.setClients(clients);
|
|
||||||
return configurationService;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,27 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security.oidc;
|
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
import eu.dnetlib.loginservice.utils.Redirect;
|
|
||||||
import org.apache.log4j.Logger;
|
|
||||||
import org.mitre.openid.connect.client.OIDCAuthenticationFilter;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
public class OpenAIREAuthenticationFilter extends OIDCAuthenticationFilter {
|
|
||||||
|
|
||||||
private final static Logger logger = Logger.getLogger(OpenAIREAuthenticationSuccessHandler.class);
|
|
||||||
private final Properties properties;
|
|
||||||
|
|
||||||
public OpenAIREAuthenticationFilter(Properties properties) {
|
|
||||||
super();
|
|
||||||
this.properties = properties;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void handleAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
|
|
||||||
Redirect.setRedirect(request, properties);
|
|
||||||
super.handleAuthorizationRequest(request, response);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,65 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security.oidc;
|
|
||||||
|
|
||||||
import com.google.gson.JsonParser;
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
import org.apache.log4j.Logger;
|
|
||||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
|
||||||
import org.springframework.session.FindByIndexNameSessionRepository;
|
|
||||||
|
|
||||||
import javax.servlet.http.Cookie;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import javax.servlet.http.HttpSession;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.util.Base64;
|
|
||||||
import java.util.Date;
|
|
||||||
import java.util.regex.Matcher;
|
|
||||||
import java.util.regex.Pattern;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
public class OpenAIREAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
|
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(OpenAIREAuthenticationSuccessHandler.class);
|
|
||||||
private final Properties properties;
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public OpenAIREAuthenticationSuccessHandler(Properties properties) {
|
|
||||||
this.properties = properties;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
|
|
||||||
throws IOException {
|
|
||||||
OIDCAuthenticationToken token = (OIDCAuthenticationToken) authentication;
|
|
||||||
HttpSession session = request.getSession();
|
|
||||||
String redirect = (String) session.getAttribute("redirect");
|
|
||||||
session.setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, token.getUserInfo().getSub());
|
|
||||||
try {
|
|
||||||
Cookie accessToken = new Cookie("AccessToken", token.getAccessTokenValue());
|
|
||||||
String regex = "^([A-Za-z0-9-_=]+)\\.([A-Za-z0-9-_=]+)\\.?([A-Za-z0-9-_.+=]*)$";
|
|
||||||
Matcher matcher = Pattern.compile(regex).matcher(token.getAccessTokenValue());
|
|
||||||
if (matcher.find()) {
|
|
||||||
long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();
|
|
||||||
accessToken.setMaxAge((int) (exp - (new Date().getTime() / 1000)));
|
|
||||||
} else {
|
|
||||||
accessToken.setMaxAge(3600);
|
|
||||||
}
|
|
||||||
accessToken.setPath("/");
|
|
||||||
accessToken.setDomain(properties.getDomain());
|
|
||||||
response.addCookie(accessToken);
|
|
||||||
if(redirect != null) {
|
|
||||||
response.sendRedirect(redirect);
|
|
||||||
session.removeAttribute("redirect");
|
|
||||||
} else {
|
|
||||||
response.sendRedirect(properties.getRedirect());
|
|
||||||
}
|
|
||||||
} catch (IOException e) {
|
|
||||||
logger.error("IOException in redirection ", e);
|
|
||||||
throw new IOException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,21 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security.oidc;
|
|
||||||
|
|
||||||
import com.google.gson.JsonArray;
|
|
||||||
import com.nimbusds.jwt.JWT;
|
|
||||||
import eu.dnetlib.loginservice.utils.AuthoritiesMapper;
|
|
||||||
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
|
|
||||||
import org.mitre.openid.connect.model.UserInfo;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
|
||||||
import org.springframework.stereotype.Component;
|
|
||||||
|
|
||||||
import java.util.Collection;
|
|
||||||
|
|
||||||
@Component
|
|
||||||
public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {
|
|
||||||
JsonArray entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");
|
|
||||||
return AuthoritiesMapper.map(entitlements);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,27 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security.oidc;
|
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
import eu.dnetlib.loginservice.utils.Redirect;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
|
||||||
import org.springframework.stereotype.Service;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
|
|
||||||
@Service
|
|
||||||
public class OpenAIRELogoutHandler implements LogoutHandler {
|
|
||||||
|
|
||||||
private final Properties properties;
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public OpenAIRELogoutHandler(Properties properties) {
|
|
||||||
this.properties = properties;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
|
|
||||||
Redirect.setRedirect(request, properties);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.security.oidc;
|
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import javax.servlet.http.HttpSession;
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
@Configuration
|
|
||||||
public class OpenAIRELogoutSuccessHandler implements LogoutSuccessHandler {
|
|
||||||
|
|
||||||
private final Properties properties;
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
public OpenAIRELogoutSuccessHandler(Properties properties) {
|
|
||||||
this.properties = properties;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
|
|
||||||
HttpSession session = request.getSession();
|
|
||||||
String redirect = (String) session.getAttribute("redirect");
|
|
||||||
session.removeAttribute("redirect");
|
|
||||||
if(redirect == null) {
|
|
||||||
redirect = properties.getRedirect();
|
|
||||||
}
|
|
||||||
session.invalidate();
|
|
||||||
response.sendRedirect(properties.getOidc().getLogout() + redirect);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,41 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.utils;
|
|
||||||
|
|
||||||
import com.google.gson.JsonArray;
|
|
||||||
import com.google.gson.JsonElement;
|
|
||||||
import org.apache.log4j.Logger;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
|
||||||
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.regex.Matcher;
|
|
||||||
import java.util.regex.Pattern;
|
|
||||||
|
|
||||||
public class AuthoritiesMapper {
|
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(AuthoritiesMapper.class);
|
|
||||||
|
|
||||||
public static Collection<? extends GrantedAuthority> map(JsonArray entitlements) {
|
|
||||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>();
|
|
||||||
String regex = "urn:geant:openaire[.]eu:group:([^:]*):?(.*)?:role=member#aai[.]openaire[.]eu";
|
|
||||||
for(JsonElement obj: entitlements) {
|
|
||||||
Matcher matcher = Pattern.compile(regex).matcher(obj.getAsString());
|
|
||||||
if (matcher.find()) {
|
|
||||||
StringBuilder sb = new StringBuilder();
|
|
||||||
if(matcher.group(1) != null && matcher.group(1).length() > 0) {
|
|
||||||
sb.append(matcher.group(1).replace("+-+", "_").replaceAll("[+.]", "_").toUpperCase());
|
|
||||||
}
|
|
||||||
if(matcher.group(2).length() > 0) {
|
|
||||||
sb.append("_");
|
|
||||||
if(matcher.group(2).equals("admins")) {
|
|
||||||
sb.append("MANAGER");
|
|
||||||
} else {
|
|
||||||
sb.append(matcher.group(2).toUpperCase());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
authorities.add(new SimpleGrantedAuthority(sb.toString()));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return authorities;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,19 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.utils;
|
|
||||||
|
|
||||||
import org.springframework.security.core.AuthenticationException;
|
|
||||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
public class EntryPoint implements AuthenticationEntryPoint {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void commence(HttpServletRequest request, HttpServletResponse response,
|
|
||||||
AuthenticationException authException) throws IOException {
|
|
||||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.utils;
|
|
||||||
|
|
||||||
|
|
||||||
import eu.dnetlib.loginservice.properties.Properties;
|
|
||||||
import org.apache.http.client.utils.URIBuilder;
|
|
||||||
import org.apache.log4j.Logger;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpSession;
|
|
||||||
import java.net.URISyntaxException;
|
|
||||||
import java.util.Enumeration;
|
|
||||||
|
|
||||||
public class Redirect {
|
|
||||||
|
|
||||||
private final static Logger logger = Logger.getLogger(Redirect.class);
|
|
||||||
|
|
||||||
private static String getDomain(String url) throws URISyntaxException {
|
|
||||||
URIBuilder uriBuilder = new URIBuilder(url);
|
|
||||||
return uriBuilder.getHost();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void setRedirect(HttpServletRequest request, Properties properties) {
|
|
||||||
HttpSession session = request.getSession();
|
|
||||||
Enumeration<String> params = request.getParameterNames();
|
|
||||||
while (params.hasMoreElements()) {
|
|
||||||
String param = params.nextElement();
|
|
||||||
if(param.equalsIgnoreCase("redirect")) {
|
|
||||||
String redirect = request.getParameter(param);
|
|
||||||
try {
|
|
||||||
if(getDomain(redirect).endsWith(properties.getDomain())) {
|
|
||||||
session.setAttribute("redirect", redirect);
|
|
||||||
}
|
|
||||||
} catch (URISyntaxException e) {
|
|
||||||
logger.error(e.getMessage());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,25 +0,0 @@
|
||||||
package eu.dnetlib.loginservice.utils;
|
|
||||||
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
public class ScopeReader {
|
|
||||||
|
|
||||||
Set<String> scopes;
|
|
||||||
|
|
||||||
public ScopeReader(String property) {
|
|
||||||
if (!property.trim().isEmpty()){
|
|
||||||
scopes = new HashSet<>();
|
|
||||||
Collections.addAll(scopes, property.split(","));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public Set<String> getScopes() {
|
|
||||||
return scopes;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setScopes(Set<String> scopes) {
|
|
||||||
this.scopes = scopes;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
authentication.domain=di.uoa.gr
|
|
||||||
authentication.oidc.issuer=https://aai.openaire.eu/oidc/
|
|
||||||
authentication.oidc.logout=https://aai.openaire.eu/proxy/saml2/idp/SingleLogoutService.php?ReturnTo=
|
|
||||||
authentication.oidc.home=http://mpagasas.di.uoa.gr:8090/openid_connect_login
|
|
||||||
authentication.oidc.scope=openid,profile,email,eduperson_entitlement
|
|
||||||
authentication.oidc.id=id
|
|
||||||
authentication.oidc.secret=secret
|
|
||||||
authentication.session=openAIRESession
|
|
||||||
authentication.redirect=http://mpagasas.di.uoa.gr:4600/reload
|
|
|
@ -1,20 +0,0 @@
|
||||||
log4j.rootLogger = DEBUG, R
|
|
||||||
|
|
||||||
log4j.logger.eu.dnetlib = DEBUG
|
|
||||||
log4j.logger.org.springframework = DEBUG, S
|
|
||||||
|
|
||||||
log4j.additivity.org.springframework = false
|
|
||||||
|
|
||||||
log4j.appender.R=org.apache.log4j.RollingFileAppender
|
|
||||||
log4j.appender.R.File=/var/log/dnet/login-service/login-service.log
|
|
||||||
log4j.appender.R.MaxFileSize=10MB
|
|
||||||
log4j.appender.R.MaxBackupIndex=10
|
|
||||||
log4j.appender.R.layout=org.apache.log4j.PatternLayout
|
|
||||||
log4j.appender.R.layout.ConversionPattern= %d %p %t [%c] - %m%n
|
|
||||||
|
|
||||||
log4j.appender.S=org.apache.log4j.RollingFileAppender
|
|
||||||
log4j.appender.S.File=/var/log/dnet/login-service/login-service-spring.log
|
|
||||||
log4j.appender.S.MaxFileSize=10MB
|
|
||||||
log4j.appender.S.MaxBackupIndex=10
|
|
||||||
log4j.appender.S.layout=org.apache.log4j.PatternLayout
|
|
||||||
log4j.appender.S.layout.ConversionPattern= %d %p %t [%c] - %m%n
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<Configuration status="WARN" monitorInterval="30">
|
||||||
|
<Properties>
|
||||||
|
<Property name="LOG_PATTERN">
|
||||||
|
%d %p %t [%c] - %m%n
|
||||||
|
</Property>
|
||||||
|
</Properties>
|
||||||
|
<Appenders>
|
||||||
|
<!-- Rolling File Appender -->
|
||||||
|
<RollingFile name="R" fileName="/var/log/dnet/login-service/login-service.log"
|
||||||
|
filePattern="/var/log/dnet/login-service/login-service-%d{yyyy-MM-dd}-%i.log">
|
||||||
|
<PatternLayout>
|
||||||
|
<Pattern>${LOG_PATTERN}</Pattern>
|
||||||
|
</PatternLayout>
|
||||||
|
<Policies>
|
||||||
|
<SizeBasedTriggeringPolicy size="10MB" />
|
||||||
|
</Policies>
|
||||||
|
<DefaultRolloverStrategy max="10"/>
|
||||||
|
</RollingFile>
|
||||||
|
<RollingFile name="S" fileName="/var/log/dnet/login-service/login-service-spring.log"
|
||||||
|
filePattern="/var/log/dnet/login-service/login-service-spring-%d{yyyy-MM-dd}-%i.log">
|
||||||
|
<PatternLayout>
|
||||||
|
<Pattern>${LOG_PATTERN}</Pattern>
|
||||||
|
</PatternLayout>
|
||||||
|
<Policies>
|
||||||
|
<SizeBasedTriggeringPolicy size="10MB" />
|
||||||
|
</Policies>
|
||||||
|
<DefaultRolloverStrategy max="10"/>
|
||||||
|
</RollingFile>
|
||||||
|
</Appenders>
|
||||||
|
<Loggers>
|
||||||
|
<Logger name="eu.dnetlib" level="debug" additivity="false">
|
||||||
|
<AppenderRef ref="R"/>
|
||||||
|
</Logger>
|
||||||
|
<Root level="info">
|
||||||
|
<AppenderRef ref="S"/>
|
||||||
|
</Root>
|
||||||
|
</Loggers>
|
||||||
|
</Configuration>
|
|
@ -0,0 +1,7 @@
|
||||||
|
## API Documentation Properties
|
||||||
|
api.title = Login Service
|
||||||
|
api.description = Login service provides methods to authenticate users through AAI provider and retrieve information of authenticated user.
|
||||||
|
api.version = ${project.version}
|
||||||
|
|
||||||
|
login-service.global-vars.buildDate=@timestamp@
|
||||||
|
login-service.global-vars.version=@project.version@
|
Loading…
Reference in New Issue