Compare commits

..

No commits in common. "master" and "uoa-login-core-2.0.0" have entirely different histories.

17 changed files with 72 additions and 345 deletions

View File

@ -7,17 +7,17 @@
<version>1.0.0</version>
</parent>
<artifactId>uoa-login-core</artifactId>
<version>2.1.2-SNAPSHOT</version>
<version>2.0.0</version>
<packaging>jar</packaging>
<name>uoa-login-core</name>
<scm>
<developerConnection>scm:git:gitea@code-repo.d4science.org:MaDgIK/uoa-login-core.git</developerConnection>
<tag>HEAD</tag>
<tag>uoa-login-core-2.0.0</tag>
</scm>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<timestampLoginCore>${maven.build.timestamp}</timestampLoginCore>
<timestampLogincORE>${maven.build.timestamp}</timestampLogincORE>
<maven.build.timestamp.format>E MMM dd HH:mm:ss z yyyy</maven.build.timestamp.format>
</properties>
<dependencies>

View File

@ -0,0 +1,38 @@
package eu.dnetlib.authentication.configuration;
import org.springframework.boot.context.properties.ConfigurationProperties;
@ConfigurationProperties("api")
public class APIProperties {
private String title;
private String description;
private String version;
public APIProperties() {
}
public String getTitle() {
return title;
}
public void setTitle(String title) {
this.title = title;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public String getVersion() {
return version;
}
public void setVersion(String version) {
this.version = version;
}
}

View File

@ -1,32 +1,24 @@
package eu.dnetlib.authentication.configuration;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import java.util.HashMap;
import java.util.Map;
@Configuration
@EnableConfigurationProperties({Properties.class, GlobalVars.class})
@EnableConfigurationProperties({Properties.class, APIProperties.class})
@ComponentScan(basePackages = {"eu.dnetlib.authentication"})
public class AuthenticationConfiguration {
private final Properties properties;
private final GlobalVars globalVars;
@Autowired
public AuthenticationConfiguration(Properties properties, GlobalVars globalVars) {
public AuthenticationConfiguration(Properties properties) {
this.properties = properties;
this.globalVars = globalVars;
}
public Map<String, String> getProperties() {
@ -45,36 +37,6 @@ public class AuthenticationConfiguration {
map.put("authentication.accessToken", properties.getAccessToken());
map.put("authentication.redirect", properties.getRedirect());
map.put("authentication.authorities-mapper", properties.getAuthoritiesMapper());
if(GlobalVars.date != null) {
map.put("Date of deploy", GlobalVars.date.toString());
}
if(globalVars.getBuildDate() != null) {
map.put("Date of build", globalVars.getBuildDate());
}
if (globalVars.getVersion() != null) {
map.put("Version", globalVars.getVersion());
}
return map;
}
@Bean
RestTemplate restTemplate() {
RestTemplate restTemplate = new RestTemplate();
MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
converter.setObjectMapper(new ObjectMapper());
restTemplate.getMessageConverters().add(converter);
return restTemplate;
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
.allowCredentials(true);
}
};
}
}

View File

@ -1,31 +0,0 @@
package eu.dnetlib.authentication.configuration;
import org.springframework.boot.context.properties.ConfigurationProperties;
import java.util.Date;
@ConfigurationProperties("authentication.global-vars")
public class GlobalVars {
public static Date date = new Date();
private Date buildDate;
private String version;
public String getBuildDate() {
if(buildDate == null) {
return null;
}
return buildDate.toString();
}
public void setBuildDate(Date buildDate) {
this.buildDate = buildDate;
}
public String getVersion() {
return this.version;
}
public void setVersion(String version) {
this.version = version;
}
}

View File

@ -1,39 +0,0 @@
package eu.dnetlib.authentication.controllers;
import eu.dnetlib.authentication.configuration.AuthenticationConfiguration;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.util.Map;
@RestController
@CrossOrigin(origins = "*")
@RequestMapping("/login-core")
public class LoginCoreCheckDeployController {
private final Logger log = LogManager.getLogger(this.getClass());
private final AuthenticationConfiguration configuration;
@Autowired
public LoginCoreCheckDeployController(AuthenticationConfiguration configuration) {
this.configuration = configuration;
}
@RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET)
public String hello() {
log.debug("Hello from Login Core");
return "Hello from Login Core!";
}
@PreAuthorize("hasAnyAuthority('PORTAL_ADMINISTRATOR')")
@RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)
public Map<String, String> checkEverything() {
Map<String, String> response = configuration.getProperties();
return response;
}
}

View File

@ -1,15 +1,12 @@
package eu.dnetlib.authentication.controllers;
import eu.dnetlib.authentication.entities.TokenResponse;
import eu.dnetlib.authentication.entities.User;
import eu.dnetlib.authentication.configuration.Properties;
import eu.dnetlib.authentication.services.UserInfoService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
@ -34,19 +31,7 @@ public class UserController {
return ResponseEntity.ok(userInfoService.getUserInfo());
}
@RequestMapping(value = "/accessToken", method = RequestMethod.GET)
@PreAuthorize("@SecurityService.hasRefreshToken()")
public ResponseEntity<TokenResponse> getAccessToken(@RequestParam(name = "refreshToken") String refreshToken) {
return ResponseEntity.ok(this.userInfoService.getAccessToken(refreshToken));
}
@RequestMapping(value = "/revoke", method = RequestMethod.POST)
@PreAuthorize("@SecurityService.hasRefreshToken()")
public void revoke() {
this.userInfoService.revoke();
}
@RequestMapping(value = "/redirect", method = RequestMethod.GET)
@RequestMapping(value = "/redirect",method = RequestMethod.GET)
public void redirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
HttpSession session = request.getSession();
String redirect = (String) session.getAttribute("redirect");

View File

@ -1,37 +0,0 @@
package eu.dnetlib.authentication.entities;
public class TokenResponse {
String access_token;
Long expires_in;
String id_token;
String refresh_token;
String scope;
String token_type;
public TokenResponse() {
}
public String getAccess_token() {
return access_token;
}
public Long getExpires_in() {
return expires_in;
}
public String getId_token() {
return id_token;
}
public String getRefresh_token() {
return refresh_token;
}
public String getScope() {
return scope;
}
public String getToken_type() {
return token_type;
}
}

View File

@ -13,10 +13,7 @@ public class User {
private String given_name;
private String family_name;
private String email;
private String orcid;
private Set<String> roles;
private String accessToken;
private String refreshToken;
public User(OIDCAuthenticationToken token) {
this.sub = token.getUserInfo().getSub();
@ -24,12 +21,7 @@ public class User {
this.given_name = token.getUserInfo().getGivenName();
this.family_name = token.getUserInfo().getFamilyName();
this.email = token.getUserInfo().getEmail();
if(token.getUserInfo().getSource().get("orcid") != null) {
this.orcid = token.getUserInfo().getSource().get("orcid").getAsString();
}
this.roles = token.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
this.accessToken = token.getAccessTokenValue();
this.refreshToken = token.getRefreshTokenValue();
}
public String getSub() {
@ -72,14 +64,6 @@ public class User {
this.email = email;
}
public String getOrcid() {
return orcid;
}
public void setOrcid(String orcid) {
this.orcid = orcid;
}
public Set<String> getRoles() {
return roles;
}
@ -87,20 +71,4 @@ public class User {
public void setRoles(Set<String> roles) {
this.roles = roles;
}
public String getAccessToken() {
return accessToken;
}
public void setAccessToken(String accessToken) {
this.accessToken = accessToken;
}
public String getRefreshToken() {
return refreshToken;
}
public void setRefreshToken(String refreshToken) {
this.refreshToken = refreshToken;
}
}

View File

@ -0,0 +1,16 @@
package eu.dnetlib.authentication.security;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class CorsConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
.allowCredentials(true);
}
}

View File

@ -1,13 +1,12 @@
package eu.dnetlib.authentication.security.initiliazers;
import eu.dnetlib.authentication.configuration.Properties;
import eu.dnetlib.authentication.security.oidc.DefaultAuthoritiesMapper;
import eu.dnetlib.authentication.security.oidc.OpenAIREAuthoritiesMapper;
import eu.dnetlib.authentication.security.oidc.OpenAIREUserInfoFetcher;
import eu.dnetlib.authentication.utils.PropertyReader;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.config.ServerConfiguration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
@ -15,20 +14,19 @@ import org.springframework.context.annotation.Configuration;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Optional;
@Configuration
public class Configurations {
private final Properties properties;
private final PropertyReader scopeReader;
private final OpenAIREAuthoritiesMapper authoritiesMapper;
private final OpenAIREUserInfoFetcher userInfoFetcher;
private final OIDCAuthoritiesMapper authoritiesMapper;
@Autowired
public Configurations(Properties properties, Optional<OIDCAuthoritiesMapper> authoritiesMapper, OpenAIREUserInfoFetcher userInfoFetcher, PropertyReader scopeReader) {
public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, OpenAIREUserInfoFetcher userInfoFetcher, PropertyReader scopeReader) {
this.properties = properties;
this.authoritiesMapper = authoritiesMapper.orElse(new DefaultAuthoritiesMapper());
this.authoritiesMapper = authoritiesMapper;
this.userInfoFetcher = userInfoFetcher;
this.scopeReader = scopeReader;
}
@ -39,7 +37,7 @@ public class Configurations {
if(properties.getKeycloak()) {
provider.setUserInfoFetcher(this.userInfoFetcher);
}
if(this.authoritiesMapper != null) {
if(this.properties.getAuthoritiesMapper() != null && this.scopeReader.getScopes().contains(this.properties.getAuthoritiesMapper())) {
provider.setAuthoritiesMapper(this.authoritiesMapper);
}
return provider;
@ -56,14 +54,13 @@ public class Configurations {
serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
serverConfiguration.setUserInfoUri(issuer + "/protocol/openid-connect/userinfo");
serverConfiguration.setJwksUri(issuer + "/protocol/openid-connect/certs");
serverConfiguration.setRevocationEndpointUri(issuer + "/protocol/openid-connect/revoke");
} else {
serverConfiguration.setAuthorizationEndpointUri(issuer + "authorize");
serverConfiguration.setTokenEndpointUri(issuer + "token");
serverConfiguration.setUserInfoUri(issuer + "userinfo");
serverConfiguration.setJwksUri(issuer + "jwk");
serverConfiguration.setRevocationEndpointUri(issuer + "revoke");
serverConfiguration.setAuthorizationEndpointUri(issuer + "/authorize");
serverConfiguration.setTokenEndpointUri(issuer + "/token");
serverConfiguration.setUserInfoUri(issuer + "/userinfo");
serverConfiguration.setJwksUri(issuer + "/jwk");
}
serverConfiguration.setRevocationEndpointUri(issuer + "/revoke");
return serverConfiguration;
}

View File

@ -1,17 +0,0 @@
package eu.dnetlib.authentication.security.oidc;
import com.nimbusds.jwt.JWT;
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.security.core.GrantedAuthority;
import java.util.Collection;
import java.util.HashSet;
public class DefaultAuthoritiesMapper implements OIDCAuthoritiesMapper {
@Override
public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {
return new HashSet<>();
}
}

View File

@ -6,12 +6,7 @@ import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.mitre.openid.connect.client.OIDCAuthenticationFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@ -25,24 +20,6 @@ public class OpenAIREAuthenticationFilter extends OIDCAuthenticationFilter {
this.properties = properties;
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
final HttpServletRequestWrapper wrapped = new HttpServletRequestWrapper((HttpServletRequest) req) {
@Override
public StringBuffer getRequestURL() {
final StringBuffer originalUrl = ((HttpServletRequest) getRequest()).getRequestURL();
if(originalUrl.toString().contains(OIDCAuthenticationFilter.FILTER_PROCESSES_URL)) {
return new StringBuffer(properties.getOidc().getHome());
} else if(properties.getOidc().getRedirect() != null){
return new StringBuffer(properties.getOidc().getRedirect());
} else {
return originalUrl;
}
}
};
super.doFilter(wrapped, res, chain);
}
@Override
protected void handleAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
Redirect.setRedirect(request, properties);

View File

@ -7,16 +7,12 @@ import eu.dnetlib.authentication.utils.AuthoritiesMapper;
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import java.util.Collection;
@Component
@ConditionalOnProperty(
value="authentication.authorities-mapper",
havingValue = "eduperson_entitlement")
public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper {
private final Properties properties;

View File

@ -46,7 +46,7 @@ public class OpenAIRELogoutSuccessHandler implements LogoutSuccessHandler {
sb.append("?client_id=").append(properties.getOidc().getId());
sb.append("&post_logout_redirect_uri=").append(encodeValue(properties.getOidc().getRedirect()));
} else {
sb.append("saml/logout");
sb.append("/saml/logout");
}
response.sendRedirect(sb.toString());
}

View File

@ -1,22 +0,0 @@
package eu.dnetlib.authentication.services;
import eu.dnetlib.authentication.utils.PropertyReader;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.util.Set;
@Component(value = "SecurityService")
public class SecurityService {
Set<String> scopes;
@Autowired
public SecurityService(PropertyReader reader) {
this.scopes = reader.getScopes();
}
public boolean hasRefreshToken() {
return this.scopes.contains("offline_access");
}
}

View File

@ -1,83 +1,20 @@
package eu.dnetlib.authentication.services;
import eu.dnetlib.authentication.configuration.Properties;
import eu.dnetlib.authentication.entities.TokenResponse;
import eu.dnetlib.authentication.entities.User;
import eu.dnetlib.authentication.exception.ResourceNotFoundException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.config.ServerConfiguration;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;
@Service
public class UserInfoService {
private static final Logger logger = LogManager.getLogger(UserInfoService.class);
RestTemplate restTemplate;
String issuer;
RegisteredClient client;
ServerConfiguration server;
@Autowired
public UserInfoService(RestTemplate restTemplate, Properties properties, RegisteredClient client, ServerConfiguration server) {
this.restTemplate = restTemplate;
this.issuer = properties.getOidc().getIssuer();
this.server = server;
this.client = client;
}
public User getUserInfo() throws ResourceNotFoundException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication instanceof OIDCAuthenticationToken) {
if(authentication instanceof OIDCAuthenticationToken) {
return new User((OIDCAuthenticationToken) authentication);
}
throw new ResourceNotFoundException("No Session has been found");
}
public TokenResponse getAccessToken(String refreshToken) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(getTokenRequest(refreshToken), headers);
return restTemplate.postForObject(this.server.getTokenEndpointUri(), entity, TokenResponse.class);
}
public MultiValueMap<String, String> getTokenRequest(String refreshToken) {
MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
map.add("client_id", this.client.getClientId());
map.add("client_secret", this.client.getClientSecret());
map.add("grant_type", "refresh_token");
map.add("refresh_token", refreshToken);
map.add("scope", "openid");
return map;
}
public void revoke() {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(revokeTokenRequest(authentication.getRefreshTokenValue()), headers);
try {
restTemplate.exchange(server.getRevocationEndpointUri(), HttpMethod.POST, entity, String.class);
} catch (Exception e) {
logger.error("Couldn't revoke refresh Tokens");
}
}
public MultiValueMap<String, String> revokeTokenRequest(String refreshToken) {
MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
map.add("client_id", this.client.getClientId());
map.add("client_secret", this.client.getClientSecret());
map.add("token", refreshToken);
return map;
}
}

View File

@ -14,6 +14,3 @@ authentication.accessToken=AccessToken
authentication.redirect=http://mpagasas.di.uoa.gr:4600/reload
#authentication.authorities-mapper=eduperson_entitlement
authentication.global-vars.buildDate=@timestampLoginCore@
authentication.global-vars.version=@project.version@