From 3540b9ec6ba02d3c89dfb84f60a66f5b1f922785 Mon Sep 17 00:00:00 2001 From: "konstantina.galouni" Date: Wed, 11 Nov 2020 10:52:38 +0000 Subject: [PATCH] [Trunk | Monitor Service]: uoa-authorization-library dependency added: 1. pom.xml: Added dependencies for spring security and for uoa-authorization-library | [Bug fix] spring boot version set to 1.5.8 (it was accidentally set to 1.5.18 and library was not compatible). 2. UoaMonitorServiceApplication.java: Added authorization.properties | Remove SecurityConfig from configuration (done by authorization library) | import AuthorizationConfiguration. 3. ExceptionsHandler.java: Add handler for AccessDeniedException. 4. monitorservice.properties: Remove security properties (and add missing properties for mongodb). 5. UoaMonitorServiceConfiguration.java: Remove interceptor for AuthorizationHandler. 6. SecurityConfig.java & AuthorizationHandler.java & AuthorizationUtils.java: Removed unnecessary files (authorization is done via authorization library). --- pom.xml | 11 +- .../UoaMonitorServiceApplication.java | 17 +- .../UoaMonitorServiceConfiguration.java | 16 -- .../properties/SecurityConfig.java | 40 --- .../handlers/AuthorizationHandler.java | 69 ----- .../handlers/ExceptionsHandler.java | 13 + .../handlers/utils/AuthorizationUtils.java | 250 ------------------ src/main/resources/monitorservice.properties | 5 +- 8 files changed, 36 insertions(+), 385 deletions(-) delete mode 100644 src/main/java/eu/dnetlib/uoamonitorservice/configuration/properties/SecurityConfig.java delete mode 100644 src/main/java/eu/dnetlib/uoamonitorservice/handlers/AuthorizationHandler.java delete mode 100644 src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/AuthorizationUtils.java diff --git a/pom.xml b/pom.xml index 99ea91b..9b3f211 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 1.5.18.RELEASE + 1.5.8.RELEASE 
@@ -72,11 +72,20 @@ uoa-admin-tools-library 1.0.0-SNAPSHOT + + eu.dnetlib + uoa-authorization-library + 1.0.0-SNAPSHOT + org.springframework.boot spring-boot-starter-test test + + org.springframework.boot + spring-boot-starter-security + diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/UoaMonitorServiceApplication.java b/src/main/java/eu/dnetlib/uoamonitorservice/UoaMonitorServiceApplication.java index 56ac5b7..e5d7f11 100644 --- a/src/main/java/eu/dnetlib/uoamonitorservice/UoaMonitorServiceApplication.java +++ b/src/main/java/eu/dnetlib/uoamonitorservice/UoaMonitorServiceApplication.java 
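Review bot: The component that now carries all access control for this service, `uoa-authorization-library`, is added at `1.0.0-SNAPSHOT`, so the authorization rules the service enforces can differ between two builds of the same commit. The existing `uoa-admin-tools-library` entry follows the same convention, so this may be deliberate for trunk, but pinning a released version (or recording the resolved snapshot in the build output) is worth considering before this reaches a deployed environment. The `spring-boot-starter-security` entry takes its version from the parent, which is consistent with the parent version fix in the first hunk.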
@@ -1,24 +1,27 @@ package eu.dnetlib.uoamonitorservice; +import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration; import eu.dnetlib.uoamonitorservice.configuration.properties.MongoConfig; -import eu.dnetlib.uoamonitorservice.configuration.properties.SecurityConfig; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.context.annotation.Import; import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.PropertySources; //uoahelptexts -@SpringBootApplication(scanBasePackages = {"eu.dnetlib.uoamonitorservice", "eu.dnetlib.uoaadmintoolslibrary"}) +@SpringBootApplication(scanBasePackages = {"eu.dnetlib.uoamonitorservice", "eu.dnetlib.uoaadmintoolslibrary" +// , "eu.dnetlib.uoaauthorizationlibrary" +}) @PropertySources({ + @PropertySource("classpath:authorization.properties"), @PropertySource("classpath:monitorservice.properties"), -// @PropertySource(value = "file:/usr/share/tomcat7/lib/dnet-override.properties", ignoreResourceNotFound = true), -// @PropertySource(value = "file:/var/lib/tomcat_dnet/8380/lib/dnet-override.properties", ignoreResourceNotFound = true), -// @PropertySource(value = "file:/var/lib/tomcat8/lib/dnet-override.properties", ignoreResourceNotFound = true) - @PropertySource("classpath:dnet-override.properties") + @PropertySource(value = "classpath:dnet-override.properties", ignoreResourceNotFound = true) }) -@EnableConfigurationProperties({SecurityConfig.class, MongoConfig.class}) +//SecurityConfig.class, +@EnableConfigurationProperties({ MongoConfig.class}) +@Import(AuthorizationConfiguration.class) public class UoaMonitorServiceApplication { public static void main(String[] args) { SpringApplication.run(UoaMonitorServiceApplication.class, args); 
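Review bot: The commented-out fragments left inside the annotations — `+// , "eu.dnetlib.uoaauthorizationlibrary"` inside the `scanBasePackages` array and `+//SecurityConfig.class,` above `@EnableConfigurationProperties` — are dead code in the application's wiring and should be deleted, since `@Import(AuthorizationConfiguration.class)` is the mechanism actually used. Separately, `ignoreResourceNotFound = true` on `dnet-override.properties` means a deployment that is missing the override file will now start silently on the bundled defaults (including the `localhost` MongoDB settings added to monitorservice.properties in this commit) instead of failing. If that file is how production endpoints and credentials are supplied, a startup log line stating whether it was found would make the misconfiguration visible.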
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/UoaMonitorServiceConfiguration.java b/src/main/java/eu/dnetlib/uoamonitorservice/UoaMonitorServiceConfiguration.java index 4818ea7..8cb2fa3 100644 --- a/src/main/java/eu/dnetlib/uoamonitorservice/UoaMonitorServiceConfiguration.java +++ b/src/main/java/eu/dnetlib/uoamonitorservice/UoaMonitorServiceConfiguration.java @@ -1,33 +1,17 @@ package eu.dnetlib.uoamonitorservice; -import eu.dnetlib.uoamonitorservice.configuration.properties.SecurityConfig; -import eu.dnetlib.uoamonitorservice.handlers.AuthorizationHandler; import org.apache.log4j.Logger; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; -import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; @Configuration public class UoaMonitorServiceConfiguration extends WebMvcConfigurerAdapter { private final Logger log = Logger.getLogger(this.getClass()); - @Autowired - private SecurityConfig securityConfig; - - @Bean public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() { return new PropertySourcesPlaceholderConfigurer(); } - - @Override - public void addInterceptors(InterceptorRegistry registry) { - registry.addInterceptor(new AuthorizationHandler(securityConfig.getUserInfoUrl(), securityConfig.getOriginServer(), securityConfig.getPostsAllowed())) - .addPathPatterns("/**"); - - } - } diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/configuration/properties/SecurityConfig.java b/src/main/java/eu/dnetlib/uoamonitorservice/configuration/properties/SecurityConfig.java deleted file mode 100644 index ba4e033..0000000 
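Review bot: With `addInterceptors` removed, `private final Logger log = Logger.getLogger(this.getClass());` has no remaining use in this class; drop it together with the `org.apache.log4j.Logger` import. More importantly, the deleted interceptor carried an explicit allow-list (`securityConfig.getPostsAllowed()`) of POST/DELETE paths exempt from the user check, and this commit does not show where that allow-list goes, so it is worth confirming that the authorization library's configuration covers the same endpoints and that unauthenticated POST/DELETE requests to the others now receive the 403 produced by the new handler in ExceptionsHandler. Since the deleted `AuthorizationHandler.preHandle` was already commented out, this commit is the point at which enforcement actually takes effect, which makes a test for that behaviour part of this change rather than a follow-up.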
--- a/src/main/java/eu/dnetlib/uoamonitorservice/configuration/properties/SecurityConfig.java +++ /dev/null @@ -1,40 +0,0 @@ -package eu.dnetlib.uoamonitorservice.configuration.properties; - -import org.springframework.boot.context.properties.ConfigurationProperties; - -import java.util.ArrayList; -import java.util.List; - -@ConfigurationProperties("monitorservice.security") -public class SecurityConfig { - - private String userInfoUrl; - private String originServer; - private List postsAllowed = new ArrayList<>(); - - public void setUserInfoUrl(String userInfoUrl) { - this.userInfoUrl = userInfoUrl; - } - - public void setOriginServer(String originServer) { - this.originServer = originServer; - } - - - public void setPostsAllowed(List posts) { - this.postsAllowed = posts; - } - - public String getUserInfoUrl() { - return userInfoUrl; - } - - public String getOriginServer() { - return originServer; - } - - public List getPostsAllowed() { - return postsAllowed; - } - -} diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/AuthorizationHandler.java b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/AuthorizationHandler.java deleted file mode 100644 index ad0603c..0000000 --- a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/AuthorizationHandler.java +++ /dev/null 
@@ -1,69 +0,0 @@ -package eu.dnetlib.uoamonitorservice.handlers; - -import eu.dnetlib.uoamonitorservice.handlers.utils.AuthorizationUtils; -import org.apache.log4j.Logger; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.List; - -public class AuthorizationHandler extends HandlerInterceptorAdapter { - private final Logger log = Logger.getLogger(this.getClass()); - private AuthorizationUtils helper = new AuthorizationUtils(); - private List allowedPostRequests; - - public AuthorizationHandler(String userInfoUrl, String originServer, List allowedPostRequests){ - helper.setOriginServer(originServer); - helper.setUserInfoUrl(userInfoUrl); - this.allowedPostRequests = allowedPostRequests; - } -// Comment this method ONLY FOR TEST -// @Override -// public boolean preHandle( -// HttpServletRequest request, -// HttpServletResponse response, -// Object handler) throws Exception { -//// log.debug("request method " + request.getRemoteHost()); -// log.debug("properties: " + helper.getOriginServer() + " "+ helper.getUserInfoUrl()); -// log.debug(allowedPostRequests); -// log.debug(allowedPostRequests.contains(request.getServletPath())); -// log.debug(request.getServletPath()); -// if((request.getMethod().equals("POST") || request.getMethod().equals("DELETE")) && -// !allowedPostRequests.contains(request.getServletPath())) { -// //TODO check domain & check user info -// if(!this.helper.checkCookies(request) || !helper.isAuthorized(helper.getToken(request))){ -// -// response.setHeader("Access-Control-Allow-Credentials","true"); -// response.setHeader("Access-Control-Allow-Origin","*"); -// response.setHeader("Vary","Origin"); -// -// response.setStatus(403); -// response.sendError(403, "Forbidden: You don't have permission to access. 
Maybe you are not registered."); -// return false; -// } -// -// } -// return true; -// } - - -// @Override -// public void postHandle( -// HttpServletRequest request, -// HttpServletResponse response, -// Object handler, -// ModelAndView modelAndView) throws Exception { -// log.info("I am here - postHandle "); -// } -// -// @Override -// public void afterCompletion( -// HttpServletRequest request, -// HttpServletResponse response, -// Object handler, Exception ex) { -// log.info("I am here - afterCompletion "); -// } - -} \ No newline at end of file diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java index 2755fc1..8f4b4cf 100644 --- a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java +++ b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/ExceptionsHandler.java @@ -5,10 +5,12 @@ import org.apache.log4j.Logger; import org.springframework.data.crossstore.ChangeSetPersister; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.AccessDeniedException; import org.springframework.web.bind.MissingServletRequestParameterException; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.multipart.support.MissingServletRequestPartException; @ControllerAdvice @RestController 
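Review bot: `import org.springframework.web.multipart.support.MissingServletRequestPartException;` is added but nothing in either visible hunk of ExceptionsHandler references it; the second hunk only uses `AccessDeniedException`. The rest of the class is outside these hunks, so if no handler there uses it either, remove the import so the change stays limited to the access-denied handling the commit message describes.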
@@ -69,4 +71,15 @@ public class ExceptionsHandler {
 log.error("pathNotValidException exception : "+ ex.getMessage());
 return new ResponseEntity(response, HttpStatus.NOT_FOUND);
 }
+
+ @ExceptionHandler(AccessDeniedException.class)
+ public ResponseEntity accessDeniedException(Exception ex) {
+ ExceptionResponse response = new ExceptionResponse();
+ response.setErrorCode("Forbidden Exception");
+ response.setErrorMessage("Access Denied Exception");
+ response.setErrors(ex.getMessage());
+ response.setStatus(HttpStatus.FORBIDDEN);
+ log.error("accessDeniedException exception : "+ ex.getMessage());
+ return new ResponseEntity(response, HttpStatus.FORBIDDEN);
+ }
 }
diff --git a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/AuthorizationUtils.java b/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/AuthorizationUtils.java
deleted file mode 100644
index eb6124d..0000000
--- a/src/main/java/eu/dnetlib/uoamonitorservice/handlers/utils/AuthorizationUtils.java
+++ /dev/null
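Review bot: The handler signature `public ResponseEntity accessDeniedException(Exception ex)` accepts any `Exception` although the annotation restricts it to `AccessDeniedException`; declare it as `public ResponseEntity accessDeniedException(AccessDeniedException ex)` so the compiler and the reader see the same contract (the raw `ResponseEntity` could become `ResponseEntity<ExceptionResponse>` at the same time). An authorization refusal is a routine, client-triggered outcome, so `log.error("accessDeniedException exception : "+ ex.getMessage());` will fill the error log with expected events; `log.warn` is the conventional level, and the Spring Security message is usually just "Access is denied", so it adds little on its own. Mapping every `AccessDeniedException` to 403 also means an anonymous caller that reaches method-level security gets 403 rather than 401; if the library is expected to distinguish unauthenticated from unauthorized callers, confirm that this response is intended.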
@@ -1,250 +0,0 @@ -package eu.dnetlib.uoamonitorservice.handlers.utils; - -import org.apache.log4j.Logger; - -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import java.io.BufferedReader; -import java.io.InputStreamReader; -import java.io.StringReader; -import java.net.HttpURLConnection; -import java.net.URL; -import java.util.Enumeration; - -import com.google.gson.Gson; - -public class AuthorizationUtils { - private final Logger log = Logger.getLogger(this.getClass()); - private String userInfoUrl = null; -// private String communityAPI =""; -// List adminRoles = new ArrayList(Arrays.asList("Super Administrator", "Portal Administrator")); - private String originServer= null; - public Boolean checkCookies(HttpServletRequest request){ - Boolean valid = true; - String cookieValue = this.getCookie(request,"AccessToken"); - if(cookieValue == null || cookieValue.isEmpty()){ - log.info("no cookie available "); - valid = false; - }else { - String headerValue = this.getHeadersInfo(request, "x-xsrf-token"); - if(headerValue == null || headerValue.isEmpty()){ - log.info("no header available "); - valid = false; - }else{ - if(!cookieValue.equals(headerValue)){ - log.info("no proper header or cookie "); - valid = false; - }else if(!hasValidOrigin(this.getHeadersInfo(request, "origin"))){ - log.info("no proper origin "); - valid = false; - } - } - } - return valid; - } - public String getToken(HttpServletRequest request){ - return this.getHeadersInfo(request, "x-xsrf-token"); - } - private String getCookie(HttpServletRequest request, String cookieName){ - if(request.getCookies() == null){ - return null; - } - for(Cookie c: request.getCookies()){ -// log.debug("cookie "+ c.getName()+ " "+ c.getValue()); - if(c.getName().equals(cookieName)){ - return c.getValue(); - } - - } - return null; - } - private String getHeadersInfo(HttpServletRequest request, String name) { - - Enumeration headerNames = request.getHeaderNames(); - while 
(headerNames.hasMoreElements()) { - String key = (String) headerNames.nextElement(); - String value = request.getHeader(key); -// log.debug(" key: "+ key+" value: "+ value); - if(name.equals(key)){ - return value; - } - } - return null; - } - public boolean hasValidOrigin(String origin) { - if (origin != null && origin.indexOf(originServer)!=-1) { - return true; - } - log.debug("Not valid origin. Origin server is \"" + origin + "\", but expected value is \"" + originServer + "\". If the expec cted value is not right, check properties file. "); - return false; - } - public UserInfo getUserInfo(String accessToken){ - String url=userInfoUrl+accessToken; - URL obj = null; - String responseStr=null; -// log.debug("User info url is "+url); - - try { - obj = new URL(url); - HttpURLConnection con = (HttpURLConnection) obj.openConnection(); - if (con.getResponseCode() != 200) { - log.debug("User info response code is: " + con.getResponseCode()); - return null; - } - BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); - StringBuffer response = new StringBuffer(); - String inputLine; - while ((inputLine = in.readLine()) != null) { - response.append(inputLine).append("\n"); - } - in.close(); - responseStr = response.toString(); - }catch(Exception e){ - log.error("An error occured while trying to fetch user info ",e); - return null; - } - return json2UserInfo(responseStr); - } - private UserInfo json2UserInfo(String json) { - -// log.debug("Try to create userInfo class from json: "+json); - if (json == null){ - return null; - } - - BufferedReader br = new BufferedReader(new StringReader(json)); - //convert the json string back to object - Gson gson = new Gson(); - UserInfo userInfo = null; - try { - userInfo = gson.fromJson(br, UserInfo.class); - }catch(Exception e){ - log.debug("Error in parsing json response. 
Given json is : "+json, e); - return null; - } - -// log.debug("Original response.........: "+userInfo.toString()); - try { - if(userInfo != null && userInfo.getEdu_person_entitlements() != null ) { - - for (int i = 0; i < userInfo.getEdu_person_entitlements().size(); i++) { - String role = userInfo.getEdu_person_entitlements().get(i); -// log.debug("AAI role: "+role); - role = role.split(":")[role.split(":").length-1]; - role = role.replace("+"," "); -// log.debug("Adding parsed role : "+role); - userInfo.getEdu_person_entitlements().set(i,role); - } - } - }catch(Exception e){ - log.debug("Error in parsing Edu_person_entitlements : ",e); - return null; - } -// log.debug("After handling roles : "+userInfo.toString()); - - - return userInfo; - } - public boolean isAuthorized(String token) { - UserInfo userInfo = getUserInfo(token); - if (userInfo != null ) { - return true; - } else { - log.debug(" User has no Valid UserInfo"); - return false; - } - - } - - public String getUserInfoUrl() { - return userInfoUrl; - } - - public String getOriginServer() { - return originServer; - } - - public void setUserInfoUrl(String userInfoUrl) { - this.userInfoUrl = userInfoUrl; - } - - public void setOriginServer(String originServer) { - this.originServer = originServer; - } - // private boolean hasRole(List givenRoles, List authorizedRoles) { -// log.debug("It's registered with role " + givenRoles); -// for (String gRole : givenRoles) { -// if (authorizedRoles.indexOf(gRole) != -1) { -// return true; -// } -// } -// log.debug("Not Authorized. 
Authorized roles are" + authorizedRoles); -// return false; -// -// } -// private boolean isCommunityManager(String community, String email) { -// -// CommunityInfo communityInfo = getCommunityInfo(community); -// if(communityInfo != null && communityInfo.getManagers() != null ) { -// -// for (int i = 0; i < communityInfo.getManagers().size(); i++) { -// String manager = communityInfo.getManagers().get(i); -// log.debug("Community manager: "+manager); -// -// } -// } -// return false; -// -// } -// private CommunityInfo getCommunityInfo(String community) { -// String url = userInfoUrl + community; -// URL obj = null; -// String responseStr = null; -// log.debug("Community info url is " + url); -// -// try { -// obj = new URL(url); -// HttpURLConnection con = (HttpURLConnection) obj.openConnection(); -// log.debug("User info response code is: " + con.getResponseCode()); -// if (con.getResponseCode() != 200) { -// return null; -// } -// BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); -// StringBuffer response = new StringBuffer(); -// String inputLine; -// while ((inputLine = in.readLine()) != null) { -// response.append(inputLine).append("\n"); -// } -// in.close(); -// responseStr = response.toString(); -// } catch (Exception e) { -// log.error("An error occured while trying to fetch user info ", e); -// return null; -// } -// return json2CommunityInfo(community); -// } -// private CommunityInfo json2CommunityInfo(String json){ -// -// log.debug("Try to create CommunityInfo class from json: "+json); -// if (json == null){ -// return null; -// } -// -// BufferedReader br = new BufferedReader(new StringReader(json)); -// //convert the json string back to object -// Gson gson = new Gson(); -// CommunityInfo communityInfo = null; -// try { -// communityInfo = gson.fromJson(br, CommunityInfo.class); -// }catch(Exception e){ -// log.debug("Error in parsing json response. 
Given json is : "+json, e); -// return null; -// } -// -// log.debug("Original response.........: "+communityInfo.toString()); -// -// -// -// return communityInfo; -// } -} diff --git a/src/main/resources/monitorservice.properties b/src/main/resources/monitorservice.properties index 8a572c8..bc1f981 100644 --- a/src/main/resources/monitorservice.properties +++ b/src/main/resources/monitorservice.properties @@ -1,12 +1,13 @@ #dev -monitorservice.userInfoUrl = http://scoobydoo.di.uoa.gr:8080/dnet-openaire-users-1.0.0-SNAPSHOT/api/users/getUserInfo?accessToken= -monitorservice.originServer = .di.uoa.gr monitorservice.host = smtp.gmail.com monitorservice.port = 587 monitorservice.auth = true monitorservice.from = openaire.test@gmail.com monitorservice.username = openaire.test@gmail.com monitorservice.password = ... +monitorservice.mongodb.host=localhost +monitorservice.mongodb.port=27017 +monitorservice.mongodb.database=openaire_monitor3 #beta #monitorservice.userInfoUrl = https://beta.services.openaire.eu/uoa-user-management/api/users/getUserInfo?accessToken=