[Trunk | Monitor Service]: uoa-authorization-library dependency added:

1. pom.xml: Added dependencies for spring security and for uoa-authorization-library | [Bug fix] spring boot version set to 1.5.8 (it was accidentally set to 1.5.18 and library was not compatible).
2. UoaMonitorServiceApplication.java: Added authorization.properties | Remove SecurityConfig from configuration (done by authorization library) | import AuthorizationConfiguration.
3. ExceptionsHandler.java: Add handler for AccessDeniedException.
4. monitorservice.properties: Remove security properties (and add missing properties for mongodb).
5. UoaMonitorServiceConfiguration.java: Remove interceptor for AuthorizationHandler.
6. SecurityConfig.java & AuthorizationHandler.java & AuthorizationUtils.java: Removed unnecessary files (authorization is done via authorization library).
Konstantina Galouni 2020-11-11 10:52:38 +00:00
parent 30a58da9b1
commit 3540b9ec6b
8 changed files with 36 additions and 385 deletions

11
pom.xml

@ -14,7 +14,7 @@
<parent> <parent>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId> <artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.18.RELEASE</version> <version>1.5.8.RELEASE</version>
<relativePath/> <!-- lookup parent from repository --> <relativePath/> <!-- lookup parent from repository -->
</parent> </parent>
@ -72,11 +72,20 @@
<artifactId>uoa-admin-tools-library</artifactId> <artifactId>uoa-admin-tools-library</artifactId>
<version>1.0.0-SNAPSHOT</version> <version>1.0.0-SNAPSHOT</version>
</dependency> </dependency>
<dependency>
<groupId>eu.dnetlib</groupId>
<artifactId>uoa-authorization-library</artifactId>
<version>1.0.0-SNAPSHOT</version>
</dependency>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId> <artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies> </dependencies>
<build> <build>
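Review bot: Pinning `spring-boot-starter-parent` to `1.5.8.RELEASE` moves every Boot-managed dependency (Spring Framework, Spring Security, embedded Tomcat, Jackson) back ten patch releases, and the new `spring-boot-starter-security` entry has no version of its own, so it inherits that older managed set. If the incompatibility with `uoa-authorization-library` is the only reason for the downgrade, it would be safer to fix the library against 1.5.18, or at least to add a comment next to `<version>1.5.8.RELEASE</version>` naming the conflicting dependency so the pin can be lifted later. Separately, the library that now makes the access decisions is resolved as `1.0.0-SNAPSHOT`, so its code can change between two builds of the same commit. A released, fixed version would make the authorization behaviour of a given build reproducible and reviewable.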


@ -1,24 +1,27 @@
package eu.dnetlib.uoamonitorservice; package eu.dnetlib.uoamonitorservice;
import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
import eu.dnetlib.uoamonitorservice.configuration.properties.MongoConfig; import eu.dnetlib.uoamonitorservice.configuration.properties.MongoConfig;
import eu.dnetlib.uoamonitorservice.configuration.properties.SecurityConfig;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.PropertySource;
import org.springframework.context.annotation.PropertySources; import org.springframework.context.annotation.PropertySources;
//uoahelptexts //uoahelptexts
@SpringBootApplication(scanBasePackages = {"eu.dnetlib.uoamonitorservice", "eu.dnetlib.uoaadmintoolslibrary"}) @SpringBootApplication(scanBasePackages = {"eu.dnetlib.uoamonitorservice", "eu.dnetlib.uoaadmintoolslibrary"
// , "eu.dnetlib.uoaauthorizationlibrary"
})
@PropertySources({ @PropertySources({
@PropertySource("classpath:authorization.properties"),
@PropertySource("classpath:monitorservice.properties"), @PropertySource("classpath:monitorservice.properties"),
// @PropertySource(value = "file:/usr/share/tomcat7/lib/dnet-override.properties", ignoreResourceNotFound = true), @PropertySource(value = "classpath:dnet-override.properties", ignoreResourceNotFound = true)
// @PropertySource(value = "file:/var/lib/tomcat_dnet/8380/lib/dnet-override.properties", ignoreResourceNotFound = true),
// @PropertySource(value = "file:/var/lib/tomcat8/lib/dnet-override.properties", ignoreResourceNotFound = true)
@PropertySource("classpath:dnet-override.properties")
}) })
@EnableConfigurationProperties({SecurityConfig.class, MongoConfig.class}) //SecurityConfig.class,
@EnableConfigurationProperties({ MongoConfig.class})
@Import(AuthorizationConfiguration.class)
public class UoaMonitorServiceApplication { public class UoaMonitorServiceApplication {
public static void main(String[] args) { public static void main(String[] args) {
SpringApplication.run(UoaMonitorServiceApplication.class, args); SpringApplication.run(UoaMonitorServiceApplication.class, args);
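Review bot: The last `@PropertySource` entry now sets `ignoreResourceNotFound = true` for `classpath:dnet-override.properties`, so a deployment that lacks the file starts without error on the values bundled in `authorization.properties` and `monitorservice.properties`. The bundled `monitorservice.properties` in this commit carries `#dev` values, and if `authorization.properties` does too (it is not visible here), a missing override would leave a production instance on development authorization settings with no signal. Consider keeping the override mandatory outside development, or failing startup when a required authorization property is unset. The commented-out leftovers `// , "eu.dnetlib.uoaauthorizationlibrary"` and `//SecurityConfig.class,` should be deleted rather than committed, and a one-line comment above `@Import(AuthorizationConfiguration.class)` saying that the library is imported instead of component-scanned would explain the choice. The class body continues outside the hunk.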


@ -1,33 +1,17 @@
package eu.dnetlib.uoamonitorservice; package eu.dnetlib.uoamonitorservice;
import eu.dnetlib.uoamonitorservice.configuration.properties.SecurityConfig;
import eu.dnetlib.uoamonitorservice.handlers.AuthorizationHandler;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration @Configuration
public class UoaMonitorServiceConfiguration extends WebMvcConfigurerAdapter { public class UoaMonitorServiceConfiguration extends WebMvcConfigurerAdapter {
private final Logger log = Logger.getLogger(this.getClass()); private final Logger log = Logger.getLogger(this.getClass());
@Autowired
private SecurityConfig securityConfig;
@Bean @Bean
public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() { public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
return new PropertySourcesPlaceholderConfigurer(); return new PropertySourcesPlaceholderConfigurer();
} }
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new AuthorizationHandler(securityConfig.getUserInfoUrl(), securityConfig.getOriginServer(), securityConfig.getPostsAllowed()))
.addPathPatterns("/**");
}
} }


@ -1,40 +0,0 @@
package eu.dnetlib.uoamonitorservice.configuration.properties;
import org.springframework.boot.context.properties.ConfigurationProperties;
import java.util.ArrayList;
import java.util.List;
@ConfigurationProperties("monitorservice.security")
public class SecurityConfig {
private String userInfoUrl;
private String originServer;
private List<String> postsAllowed = new ArrayList<>();
public void setUserInfoUrl(String userInfoUrl) {
this.userInfoUrl = userInfoUrl;
}
public void setOriginServer(String originServer) {
this.originServer = originServer;
}
public void setPostsAllowed(List<String> posts) {
this.postsAllowed = posts;
}
public String getUserInfoUrl() {
return userInfoUrl;
}
public String getOriginServer() {
return originServer;
}
public List<String> getPostsAllowed() {
return postsAllowed;
}
}


@ -1,69 +0,0 @@
package eu.dnetlib.uoamonitorservice.handlers;
import eu.dnetlib.uoamonitorservice.handlers.utils.AuthorizationUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
public class AuthorizationHandler extends HandlerInterceptorAdapter {
private final Logger log = Logger.getLogger(this.getClass());
private AuthorizationUtils helper = new AuthorizationUtils();
private List<String> allowedPostRequests;
public AuthorizationHandler(String userInfoUrl, String originServer, List<String> allowedPostRequests){
helper.setOriginServer(originServer);
helper.setUserInfoUrl(userInfoUrl);
this.allowedPostRequests = allowedPostRequests;
}
// Comment this method ONLY FOR TEST
// @Override
// public boolean preHandle(
// HttpServletRequest request,
// HttpServletResponse response,
// Object handler) throws Exception {
//// log.debug("request method " + request.getRemoteHost());
// log.debug("properties: " + helper.getOriginServer() + " "+ helper.getUserInfoUrl());
// log.debug(allowedPostRequests);
// log.debug(allowedPostRequests.contains(request.getServletPath()));
// log.debug(request.getServletPath());
// if((request.getMethod().equals("POST") || request.getMethod().equals("DELETE")) &&
// !allowedPostRequests.contains(request.getServletPath())) {
// //TODO check domain & check user info
// if(!this.helper.checkCookies(request) || !helper.isAuthorized(helper.getToken(request))){
//
// response.setHeader("Access-Control-Allow-Credentials","true");
// response.setHeader("Access-Control-Allow-Origin","*");
// response.setHeader("Vary","Origin");
//
// response.setStatus(403);
// response.sendError(403, "Forbidden: You don't have permission to access. Maybe you are not registered.");
// return false;
// }
//
// }
// return true;
// }
// @Override
// public void postHandle(
// HttpServletRequest request,
// HttpServletResponse response,
// Object handler,
// ModelAndView modelAndView) throws Exception {
// log.info("I am here - postHandle ");
// }
//
// @Override
// public void afterCompletion(
// HttpServletRequest request,
// HttpServletResponse response,
// Object handler, Exception ex) {
// log.info("I am here - afterCompletion ");
// }
}


@ -5,10 +5,12 @@ import org.apache.log4j.Logger;
import org.springframework.data.crossstore.ChangeSetPersister; import org.springframework.data.crossstore.ChangeSetPersister;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.bind.MissingServletRequestParameterException; import org.springframework.web.bind.MissingServletRequestParameterException;
import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.support.MissingServletRequestPartException;
@ControllerAdvice @ControllerAdvice
@RestController @RestController
@ -69,4 +71,15 @@ public class ExceptionsHandler {
log.error("pathNotValidException exception : "+ ex.getMessage()); log.error("pathNotValidException exception : "+ ex.getMessage());
return new ResponseEntity<ExceptionResponse>(response, HttpStatus.NOT_FOUND); return new ResponseEntity<ExceptionResponse>(response, HttpStatus.NOT_FOUND);
} }
@ExceptionHandler(AccessDeniedException.class)
public ResponseEntity<ExceptionResponse> accessDeniedException(Exception ex) {
ExceptionResponse response = new ExceptionResponse();
response.setErrorCode("Forbidden Exception");
response.setErrorMessage("Access Denied Exception");
response.setErrors(ex.getMessage());
response.setStatus(HttpStatus.FORBIDDEN);
log.error("accessDeniedException exception : "+ ex.getMessage());
return new ResponseEntity<ExceptionResponse>(response, HttpStatus.FORBIDDEN);
}
} }
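Review bot: The new `accessDeniedException` handler takes a plain `Exception` and logs only `ex.getMessage()`, so a denied request leaves no record of which path was refused; declaring it as `accessDeniedException(AccessDeniedException ex, HttpServletRequest request)` and logging `request.getMethod() + " " + request.getRequestURI()` would make these events usable for monitoring. Because this `@ControllerAdvice` method handles the exception inside the MVC layer, Spring Security's `ExceptionTranslationFilter` will not see denials raised from controller or method-security checks, so an unauthenticated caller presumably receives this 403 body rather than the response of the configured authentication entry point; please confirm that is intended. `log.error` is also heavy for an expected client error, and `log.warn` would fit better. The added import `MissingServletRequestPartException` is not used in the visible hunks. The class starts outside the hunk.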


@ -1,250 +0,0 @@
package eu.dnetlib.uoamonitorservice.handlers.utils;
import org.apache.log4j.Logger;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Enumeration;
import com.google.gson.Gson;
public class AuthorizationUtils {
private final Logger log = Logger.getLogger(this.getClass());
private String userInfoUrl = null;
// private String communityAPI ="";
// List<String> adminRoles = new ArrayList<String>(Arrays.asList("Super Administrator", "Portal Administrator"));
private String originServer= null;
public Boolean checkCookies(HttpServletRequest request){
Boolean valid = true;
String cookieValue = this.getCookie(request,"AccessToken");
if(cookieValue == null || cookieValue.isEmpty()){
log.info("no cookie available ");
valid = false;
}else {
String headerValue = this.getHeadersInfo(request, "x-xsrf-token");
if(headerValue == null || headerValue.isEmpty()){
log.info("no header available ");
valid = false;
}else{
if(!cookieValue.equals(headerValue)){
log.info("no proper header or cookie ");
valid = false;
}else if(!hasValidOrigin(this.getHeadersInfo(request, "origin"))){
log.info("no proper origin ");
valid = false;
}
}
}
return valid;
}
public String getToken(HttpServletRequest request){
return this.getHeadersInfo(request, "x-xsrf-token");
}
private String getCookie(HttpServletRequest request, String cookieName){
if(request.getCookies() == null){
return null;
}
for(Cookie c: request.getCookies()){
// log.debug("cookie "+ c.getName()+ " "+ c.getValue());
if(c.getName().equals(cookieName)){
return c.getValue();
}
}
return null;
}
private String getHeadersInfo(HttpServletRequest request, String name) {
Enumeration headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
String key = (String) headerNames.nextElement();
String value = request.getHeader(key);
// log.debug(" key: "+ key+" value: "+ value);
if(name.equals(key)){
return value;
}
}
return null;
}
public boolean hasValidOrigin(String origin) {
if (origin != null && origin.indexOf(originServer)!=-1) {
return true;
}
log.debug("Not valid origin. Origin server is \"" + origin + "\", but expected value is \"" + originServer + "\". If the expec cted value is not right, check properties file. ");
return false;
}
public UserInfo getUserInfo(String accessToken){
String url=userInfoUrl+accessToken;
URL obj = null;
String responseStr=null;
// log.debug("User info url is "+url);
try {
obj = new URL(url);
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
if (con.getResponseCode() != 200) {
log.debug("User info response code is: " + con.getResponseCode());
return null;
}
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
StringBuffer response = new StringBuffer();
String inputLine;
while ((inputLine = in.readLine()) != null) {
response.append(inputLine).append("\n");
}
in.close();
responseStr = response.toString();
}catch(Exception e){
log.error("An error occured while trying to fetch user info ",e);
return null;
}
return json2UserInfo(responseStr);
}
private UserInfo json2UserInfo(String json) {
// log.debug("Try to create userInfo class from json: "+json);
if (json == null){
return null;
}
BufferedReader br = new BufferedReader(new StringReader(json));
//convert the json string back to object
Gson gson = new Gson();
UserInfo userInfo = null;
try {
userInfo = gson.fromJson(br, UserInfo.class);
}catch(Exception e){
log.debug("Error in parsing json response. Given json is : "+json, e);
return null;
}
// log.debug("Original response.........: "+userInfo.toString());
try {
if(userInfo != null && userInfo.getEdu_person_entitlements() != null ) {
for (int i = 0; i < userInfo.getEdu_person_entitlements().size(); i++) {
String role = userInfo.getEdu_person_entitlements().get(i);
// log.debug("AAI role: "+role);
role = role.split(":")[role.split(":").length-1];
role = role.replace("+"," ");
// log.debug("Adding parsed role : "+role);
userInfo.getEdu_person_entitlements().set(i,role);
}
}
}catch(Exception e){
log.debug("Error in parsing Edu_person_entitlements : ",e);
return null;
}
// log.debug("After handling roles : "+userInfo.toString());
return userInfo;
}
public boolean isAuthorized(String token) {
UserInfo userInfo = getUserInfo(token);
if (userInfo != null ) {
return true;
} else {
log.debug(" User has no Valid UserInfo");
return false;
}
}
public String getUserInfoUrl() {
return userInfoUrl;
}
public String getOriginServer() {
return originServer;
}
public void setUserInfoUrl(String userInfoUrl) {
this.userInfoUrl = userInfoUrl;
}
public void setOriginServer(String originServer) {
this.originServer = originServer;
}
// private boolean hasRole(List<String> givenRoles, List<String> authorizedRoles) {
// log.debug("It's registered with role " + givenRoles);
// for (String gRole : givenRoles) {
// if (authorizedRoles.indexOf(gRole) != -1) {
// return true;
// }
// }
// log.debug("Not Authorized. Authorized roles are" + authorizedRoles);
// return false;
//
// }
// private boolean isCommunityManager(String community, String email) {
//
// CommunityInfo communityInfo = getCommunityInfo(community);
// if(communityInfo != null && communityInfo.getManagers() != null ) {
//
// for (int i = 0; i < communityInfo.getManagers().size(); i++) {
// String manager = communityInfo.getManagers().get(i);
// log.debug("Community manager: "+manager);
//
// }
// }
// return false;
//
// }
// private CommunityInfo getCommunityInfo(String community) {
// String url = userInfoUrl + community;
// URL obj = null;
// String responseStr = null;
// log.debug("Community info url is " + url);
//
// try {
// obj = new URL(url);
// HttpURLConnection con = (HttpURLConnection) obj.openConnection();
// log.debug("User info response code is: " + con.getResponseCode());
// if (con.getResponseCode() != 200) {
// return null;
// }
// BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
// StringBuffer response = new StringBuffer();
// String inputLine;
// while ((inputLine = in.readLine()) != null) {
// response.append(inputLine).append("\n");
// }
// in.close();
// responseStr = response.toString();
// } catch (Exception e) {
// log.error("An error occured while trying to fetch user info ", e);
// return null;
// }
// return json2CommunityInfo(community);
// }
// private CommunityInfo json2CommunityInfo(String json){
//
// log.debug("Try to create CommunityInfo class from json: "+json);
// if (json == null){
// return null;
// }
//
// BufferedReader br = new BufferedReader(new StringReader(json));
// //convert the json string back to object
// Gson gson = new Gson();
// CommunityInfo communityInfo = null;
// try {
// communityInfo = gson.fromJson(br, CommunityInfo.class);
// }catch(Exception e){
// log.debug("Error in parsing json response. Given json is : "+json, e);
// return null;
// }
//
// log.debug("Original response.........: "+communityInfo.toString());
//
//
//
// return communityInfo;
// }
}


@ -1,12 +1,13 @@
#dev #dev
monitorservice.userInfoUrl = http://scoobydoo.di.uoa.gr:8080/dnet-openaire-users-1.0.0-SNAPSHOT/api/users/getUserInfo?accessToken=
monitorservice.originServer = .di.uoa.gr
monitorservice.host = smtp.gmail.com monitorservice.host = smtp.gmail.com
monitorservice.port = 587 monitorservice.port = 587
monitorservice.auth = true monitorservice.auth = true
monitorservice.from = openaire.test@gmail.com monitorservice.from = openaire.test@gmail.com
monitorservice.username = openaire.test@gmail.com monitorservice.username = openaire.test@gmail.com
monitorservice.password = ... monitorservice.password = ...
monitorservice.mongodb.host=localhost
monitorservice.mongodb.port=27017
monitorservice.mongodb.database=openaire_monitor3
#beta #beta
#monitorservice.userInfoUrl = https://beta.services.openaire.eu/uoa-user-management/api/users/getUserInfo?accessToken= #monitorservice.userInfoUrl = https://beta.services.openaire.eu/uoa-user-management/api/users/getUserInfo?accessToken=