MaDgIK
/
uoa-login-core
13
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: MaDgIK:master
Branches Tags
MaDgIK:master
MaDgIK:spring-boot-3
MaDgIK:uoa-login-core-3.0.3
MaDgIK:uoa-login-core-3.0.2
MaDgIK:uoa-login-core-3.0.1
MaDgIK:uoa-login-core-3.0.0
MaDgIK:uoa-login-core-2.1.1
MaDgIK:uoa-login-core-2.1.0
MaDgIK:uoa-login-core-2.0.3
MaDgIK:uoa-login-core-2.0.2
MaDgIK:uoa-login-core-2.0.1
MaDgIK:uoa-login-core-2.0.0
..
compare: MaDgIK:uoa-login-core-2.0.1
Branches Tags
MaDgIK:spring-boot-3
MaDgIK:master
MaDgIK:uoa-login-core-3.0.3
MaDgIK:uoa-login-core-3.0.2
MaDgIK:uoa-login-core-3.0.1
MaDgIK:uoa-login-core-3.0.0
MaDgIK:uoa-login-core-2.1.1
MaDgIK:uoa-login-core-2.1.0
MaDgIK:uoa-login-core-2.0.3
MaDgIK:uoa-login-core-2.0.2
MaDgIK:uoa-login-core-2.0.1
MaDgIK:uoa-login-core-2.0.0

No commits in common. "master" and "uoa-login-core-2.0.1" have entirely different histories.
master ... uoa-login-

15 changed files with 163 additions and 184 deletions
Show Stats Expand all files Collapse all files

6
pom.xml
View File

@ -7,17 +7,17 @@
<version>1.0.0</version>
</parent>
<artifactId>uoa-login-core</artifactId>
<version>2.1.2-SNAPSHOT</version>
<version>2.0.1</version>
<packaging>jar</packaging>
<name>uoa-login-core</name>
<scm>
<developerConnection>scm:git:gitea@code-repo.d4science.org:MaDgIK/uoa-login-core.git</developerConnection>
<tag>HEAD</tag>
<tag>uoa-login-core-2.0.1</tag>
</scm>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<timestampLoginCore>${maven.build.timestamp}</timestampLoginCore>
<timestampLogincORE>${maven.build.timestamp}</timestampLogincORE>
<maven.build.timestamp.format>E MMM dd HH:mm:ss z yyyy</maven.build.timestamp.format>
</properties>
<dependencies>

38
src/main/java/eu/dnetlib/authentication/configuration/APIProperties.java Normal file
View File

@ -0,0 +1,38 @@
package eu.dnetlib.authentication.configuration;
import org.springframework.boot.context.properties.ConfigurationProperties;
@ConfigurationProperties("api")
public class APIProperties {
private String title;
private String description;
private String version;
public APIProperties() {
}
public String getTitle() {
return title;
}
public void setTitle(String title) {
this.title = title;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public String getVersion() {
return version;
}
public void setVersion(String version) {
this.version = version;
}
}

30
src/main/java/eu/dnetlib/authentication/configuration/AuthenticationConfiguration.java
View File

@ -8,25 +8,20 @@ import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import java.util.HashMap;
import java.util.Map;
@Configuration
@EnableConfigurationProperties({Properties.class, GlobalVars.class})
@EnableConfigurationProperties({Properties.class, APIProperties.class})
@ComponentScan(basePackages = {"eu.dnetlib.authentication"})
public class AuthenticationConfiguration {
private final Properties properties;
private final GlobalVars globalVars;
@Autowired
public AuthenticationConfiguration(Properties properties, GlobalVars globalVars) {
public AuthenticationConfiguration(Properties properties) {
this.properties = properties;
this.globalVars = globalVars;
}
public Map<String, String> getProperties() {
@ -45,15 +40,6 @@ public class AuthenticationConfiguration {
map.put("authentication.accessToken", properties.getAccessToken());
map.put("authentication.redirect", properties.getRedirect());
map.put("authentication.authorities-mapper", properties.getAuthoritiesMapper());
if(GlobalVars.date != null) {
map.put("Date of deploy", GlobalVars.date.toString());
}
if(globalVars.getBuildDate() != null) {
map.put("Date of build", globalVars.getBuildDate());
}
if (globalVars.getVersion() != null) {
map.put("Version", globalVars.getVersion());
}
return map;
}
@ -65,16 +51,4 @@ public class AuthenticationConfiguration {
restTemplate.getMessageConverters().add(converter);
return restTemplate;
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
.allowCredentials(true);
}
};
}
}

31
src/main/java/eu/dnetlib/authentication/configuration/GlobalVars.java
View File

@ -1,31 +0,0 @@
package eu.dnetlib.authentication.configuration;
import org.springframework.boot.context.properties.ConfigurationProperties;
import java.util.Date;
@ConfigurationProperties("authentication.global-vars")
public class GlobalVars {
public static Date date = new Date();
private Date buildDate;
private String version;
public String getBuildDate() {
if(buildDate == null) {
return null;
}
return buildDate.toString();
}
public void setBuildDate(Date buildDate) {
this.buildDate = buildDate;
}
public String getVersion() {
return this.version;
}
public void setVersion(String version) {
this.version = version;
}
}

39
src/main/java/eu/dnetlib/authentication/controllers/LoginCoreCheckDeployController.java
View File

@ -1,39 +0,0 @@
package eu.dnetlib.authentication.controllers;
import eu.dnetlib.authentication.configuration.AuthenticationConfiguration;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.util.Map;
@RestController
@CrossOrigin(origins = "*")
@RequestMapping("/login-core")
public class LoginCoreCheckDeployController {
private final Logger log = LogManager.getLogger(this.getClass());
private final AuthenticationConfiguration configuration;
@Autowired
public LoginCoreCheckDeployController(AuthenticationConfiguration configuration) {
this.configuration = configuration;
}
@RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET)
public String hello() {
log.debug("Hello from Login Core");
return "Hello from Login Core!";
}
@PreAuthorize("hasAnyAuthority('PORTAL_ADMINISTRATOR')")
@RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)
public Map<String, String> checkEverything() {
Map<String, String> response = configuration.getProperties();
return response;
}
}

6
src/main/java/eu/dnetlib/authentication/controllers/UserController.java
View File

@ -40,10 +40,10 @@ public class UserController {
return ResponseEntity.ok(this.userInfoService.getAccessToken(refreshToken));
}
@RequestMapping(value = "/revoke", method = RequestMethod.POST)
@RequestMapping(value = "/refresh", method = RequestMethod.DELETE)
@PreAuthorize("@SecurityService.hasRefreshToken()")
public void revoke() {
this.userInfoService.revoke();
public void deleteOldRefreshToken() {
this.userInfoService.deleteOldRefreshTokens();
}
@RequestMapping(value = "/redirect", method = RequestMethod.GET)

72
src/main/java/eu/dnetlib/authentication/entities/RefreshToken.java Normal file
View File

@ -0,0 +1,72 @@
package eu.dnetlib.authentication.entities;
import java.util.Arrays;
public class RefreshToken {
private String value;
private int id;
private String[] scopes;
private String clientId;
private String userId;
private String expiration;
public String getValue() {
return value;
}
public void setValue(String value) {
this.value = value;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String[] getScopes() {
return scopes;
}
public void setScopes(String[] scopes) {
this.scopes = scopes;
}
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getExpiration() {
return expiration;
}
public void setExpiration(String expiration) {
this.expiration = expiration;
}
@Override
public String toString() {
return "RefreshToken{" +
"value='" + value + '\'' +
", id=" + id +
", scopes=" + Arrays.toString(scopes) +
", clientId='" + clientId + '\'' +
", userId='" + userId + '\'' +
", expiration='" + expiration + '\'' +
'}';
}
}

12
src/main/java/eu/dnetlib/authentication/entities/User.java
View File

@ -13,7 +13,6 @@ public class User {
private String given_name;
private String family_name;
private String email;
private String orcid;
private Set<String> roles;
private String accessToken;
private String refreshToken;
@ -24,9 +23,6 @@ public class User {
this.given_name = token.getUserInfo().getGivenName();
this.family_name = token.getUserInfo().getFamilyName();
this.email = token.getUserInfo().getEmail();
if(token.getUserInfo().getSource().get("orcid") != null) {
this.orcid = token.getUserInfo().getSource().get("orcid").getAsString();
}
this.roles = token.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
this.accessToken = token.getAccessTokenValue();
this.refreshToken = token.getRefreshTokenValue();
@ -72,14 +68,6 @@ public class User {
this.email = email;
}
public String getOrcid() {
return orcid;
}
public void setOrcid(String orcid) {
this.orcid = orcid;
}
public Set<String> getRoles() {
return roles;
}

16
src/main/java/eu/dnetlib/authentication/security/CorsConfig.java Normal file
View File

@ -0,0 +1,16 @@
package eu.dnetlib.authentication.security;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class CorsConfig extends WebMvcConfigurerAdapter {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")
.allowCredentials(true);
}
}

14
src/main/java/eu/dnetlib/authentication/security/initiliazers/Configurations.java
View File

@ -1,13 +1,12 @@
package eu.dnetlib.authentication.security.initiliazers;
import eu.dnetlib.authentication.configuration.Properties;
import eu.dnetlib.authentication.security.oidc.DefaultAuthoritiesMapper;
import eu.dnetlib.authentication.security.oidc.OpenAIREAuthoritiesMapper;
import eu.dnetlib.authentication.security.oidc.OpenAIREUserInfoFetcher;
import eu.dnetlib.authentication.utils.PropertyReader;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.config.ServerConfiguration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
@ -15,20 +14,19 @@ import org.springframework.context.annotation.Configuration;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Optional;
@Configuration
public class Configurations {
private final Properties properties;
private final PropertyReader scopeReader;
private final OpenAIREAuthoritiesMapper authoritiesMapper;
private final OpenAIREUserInfoFetcher userInfoFetcher;
private final OIDCAuthoritiesMapper authoritiesMapper;
@Autowired
public Configurations(Properties properties, Optional<OIDCAuthoritiesMapper> authoritiesMapper, OpenAIREUserInfoFetcher userInfoFetcher, PropertyReader scopeReader) {
public Configurations(Properties properties, OpenAIREAuthoritiesMapper authoritiesMapper, OpenAIREUserInfoFetcher userInfoFetcher, PropertyReader scopeReader) {
this.properties = properties;
this.authoritiesMapper = authoritiesMapper.orElse(new DefaultAuthoritiesMapper());
this.authoritiesMapper = authoritiesMapper;
this.userInfoFetcher = userInfoFetcher;
this.scopeReader = scopeReader;
}
@ -39,7 +37,7 @@ public class Configurations {
if(properties.getKeycloak()) {
provider.setUserInfoFetcher(this.userInfoFetcher);
}
if(this.authoritiesMapper != null) {
if(this.properties.getAuthoritiesMapper() != null && this.scopeReader.getScopes().contains(this.properties.getAuthoritiesMapper())) {
provider.setAuthoritiesMapper(this.authoritiesMapper);
}
return provider;
@ -56,7 +54,7 @@ public class Configurations {
serverConfiguration.setTokenEndpointUri(issuer + "/protocol/openid-connect/token");
serverConfiguration.setUserInfoUri(issuer + "/protocol/openid-connect/userinfo");
serverConfiguration.setJwksUri(issuer + "/protocol/openid-connect/certs");
serverConfiguration.setRevocationEndpointUri(issuer + "/protocol/openid-connect/revoke");
serverConfiguration.setRevocationEndpointUri(issuer + "/revoke");
} else {
serverConfiguration.setAuthorizationEndpointUri(issuer + "authorize");
serverConfiguration.setTokenEndpointUri(issuer + "token");

17
src/main/java/eu/dnetlib/authentication/security/oidc/DefaultAuthoritiesMapper.java
View File

@ -1,17 +0,0 @@
package eu.dnetlib.authentication.security.oidc;
import com.nimbusds.jwt.JWT;
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.security.core.GrantedAuthority;
import java.util.Collection;
import java.util.HashSet;
public class DefaultAuthoritiesMapper implements OIDCAuthoritiesMapper {
@Override
public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {
return new HashSet<>();
}
}

23
src/main/java/eu/dnetlib/authentication/security/oidc/OpenAIREAuthenticationFilter.java
View File

@ -6,12 +6,7 @@ import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.mitre.openid.connect.client.OIDCAuthenticationFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@ -25,24 +20,6 @@ public class OpenAIREAuthenticationFilter extends OIDCAuthenticationFilter {
this.properties = properties;
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
final HttpServletRequestWrapper wrapped = new HttpServletRequestWrapper((HttpServletRequest) req) {
@Override
public StringBuffer getRequestURL() {
final StringBuffer originalUrl = ((HttpServletRequest) getRequest()).getRequestURL();
if(originalUrl.toString().contains(OIDCAuthenticationFilter.FILTER_PROCESSES_URL)) {
return new StringBuffer(properties.getOidc().getHome());
} else if(properties.getOidc().getRedirect() != null){
return new StringBuffer(properties.getOidc().getRedirect());
} else {
return originalUrl;
}
}
};
super.doFilter(wrapped, res, chain);
}
@Override
protected void handleAuthorizationRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
Redirect.setRedirect(request, properties);

4
src/main/java/eu/dnetlib/authentication/security/oidc/OpenAIREAuthoritiesMapper.java
View File

@ -7,16 +7,12 @@ import eu.dnetlib.authentication.utils.AuthoritiesMapper;
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import java.util.Collection;
@Component
@ConditionalOnProperty(
value="authentication.authorities-mapper",
havingValue = "eduperson_entitlement")
public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper {
private final Properties properties;

36
src/main/java/eu/dnetlib/authentication/services/UserInfoService.java
View File

@ -1,6 +1,7 @@
package eu.dnetlib.authentication.services;
import eu.dnetlib.authentication.configuration.Properties;
import eu.dnetlib.authentication.entities.RefreshToken;
import eu.dnetlib.authentication.entities.TokenResponse;
import eu.dnetlib.authentication.entities.User;
import eu.dnetlib.authentication.exception.ResourceNotFoundException;
@ -18,6 +19,10 @@ import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
@Service
public class UserInfoService {
@ -60,24 +65,29 @@ public class UserInfoService {
return map;
}
public void revoke() {
public void deleteOldRefreshTokens() {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(revokeTokenRequest(authentication.getRefreshTokenValue()), headers);
headers.setContentType(MediaType.APPLICATION_JSON);
headers.set(HttpHeaders.AUTHORIZATION, "Bearer " + authentication.getAccessTokenValue());
HttpEntity<Void> requestEntity = new HttpEntity<>(headers);
try {
restTemplate.exchange(server.getRevocationEndpointUri(), HttpMethod.POST, entity, String.class);
ResponseEntity<RefreshToken[]> response = restTemplate.exchange(this.issuer + "/api/tokens/refresh/", HttpMethod.GET, requestEntity, RefreshToken[].class);
List<RefreshToken> old = Arrays.stream(response.getBody()).
filter(token -> !token.getValue().equals(authentication.getRefreshTokenValue())).collect(Collectors.toList());
for(RefreshToken token: old) {
try {
ResponseEntity<String> delete = restTemplate.exchange(this.issuer + "/api/tokens/refresh/" + token.getId(), HttpMethod.DELETE, requestEntity, String.class);
if (delete.getStatusCode() != HttpStatus.OK) {
logger.warn(delete.getStatusCode() + " - Something went wrong for token: " + token.getId());
}
} catch (Exception e) {
logger.warn("Couldn't delete token: " + token.getId());
}
}
} catch (Exception e) {
logger.error("Couldn't revoke refresh Tokens");
logger.error("Couldn't fetch refresh tokens");
}
}
public MultiValueMap<String, String> revokeTokenRequest(String refreshToken) {
MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
map.add("client_id", this.client.getClientId());
map.add("client_secret", this.client.getClientSecret());
map.add("token", refreshToken);
return map;
}
}

3
src/main/resources/authentication.properties
View File

@ -14,6 +14,3 @@ authentication.accessToken=AccessToken
authentication.redirect=http://mpagasas.di.uoa.gr:4600/reload
#authentication.authorities-mapper=eduperson_entitlement
authentication.global-vars.buildDate=@timestampLoginCore@
authentication.global-vars.version=@project.version@