[Trunk | Monitor Service]: uoa-authorization-library dependency added:
1. pom.xml: Added dependencies for spring security and for uoa-authorization-library | [Bug fix] spring boot version set to 1.5.8 (it was accidentally set to 1.5.18 and library was not compatible). 2. UoaMonitorServiceApplication.java: Added authorization.properties | Remove SecurityConfig from configuration (done by authorization library) | import AuthorizationConfiguration. 3. ExceptionsHandler.java: Add handler for AccessDeniedException. 4. monitorservice.properties: Remove security properties (and add missing properties for mongodb). 5. UoaMonitorServiceConfiguration.java: Remove interceptor for AuthorizationHandler. 6. SecurityConfig.java & AuthorizationHandler.java & AuthorizationUtils.java: Removed unnecessary files (authorization is done via authorization library).
parent
30a58da9b1
commit
3540b9ec6b
11
pom.xml
11
pom.xml
|
@ -14,7 +14,7 @@
|
|||
<parent>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-parent</artifactId>
|
||||
<version>1.5.18.RELEASE</version>
|
||||
<version>1.5.8.RELEASE</version>
|
||||
<relativePath/> <!-- lookup parent from repository -->
|
||||
</parent>
|
||||
|
||||
|
@ -72,11 +72,20 @@
|
|||
<artifactId>uoa-admin-tools-library</artifactId>
|
||||
<version>1.0.0-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>eu.dnetlib</groupId>
|
||||
<artifactId>uoa-authorization-library</artifactId>
|
||||
<version>1.0.0-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-test</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-security</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
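Review bot: The new `uoa-authorization-library` dependency is declared as `1.0.0-SNAPSHOT`, so the component that now enforces access control for this service can change between two builds of the same commit. A released, fixed version would make the authorization behaviour of a given artifact reproducible and auditable. In the first hunk the parent goes from `1.5.18.RELEASE` back to `1.5.8.RELEASE` (per the commit description, for library compatibility), which also brings back the older dependency versions that Boot release manages, including the Spring Security version behind the new `spring-boot-starter-security`. That trade-off deserves a comment next to the version, e.g. `<!-- held at 1.5.8: uoa-authorization-library is not compatible with 1.5.18; fix in the library and move forward again -->`.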
|
||||
|
|
|
@ -1,24 +1,27 @@
|
|||
package eu.dnetlib.uoamonitorservice;
|
||||
|
||||
import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
|
||||
import eu.dnetlib.uoamonitorservice.configuration.properties.MongoConfig;
|
||||
import eu.dnetlib.uoamonitorservice.configuration.properties.SecurityConfig;
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.context.annotation.PropertySources;
|
||||
//uoahelptexts
|
||||
@SpringBootApplication(scanBasePackages = {"eu.dnetlib.uoamonitorservice", "eu.dnetlib.uoaadmintoolslibrary"})
|
||||
@SpringBootApplication(scanBasePackages = {"eu.dnetlib.uoamonitorservice", "eu.dnetlib.uoaadmintoolslibrary"
|
||||
// , "eu.dnetlib.uoaauthorizationlibrary"
|
||||
})
|
||||
@PropertySources({
|
||||
@PropertySource("classpath:authorization.properties"),
|
||||
@PropertySource("classpath:monitorservice.properties"),
|
||||
// @PropertySource(value = "file:/usr/share/tomcat7/lib/dnet-override.properties", ignoreResourceNotFound = true),
|
||||
// @PropertySource(value = "file:/var/lib/tomcat_dnet/8380/lib/dnet-override.properties", ignoreResourceNotFound = true),
|
||||
// @PropertySource(value = "file:/var/lib/tomcat8/lib/dnet-override.properties", ignoreResourceNotFound = true)
|
||||
@PropertySource("classpath:dnet-override.properties")
|
||||
@PropertySource(value = "classpath:dnet-override.properties", ignoreResourceNotFound = true)
|
||||
})
|
||||
|
||||
@EnableConfigurationProperties({SecurityConfig.class, MongoConfig.class})
|
||||
//SecurityConfig.class,
|
||||
@EnableConfigurationProperties({ MongoConfig.class})
|
||||
|
||||
@Import(AuthorizationConfiguration.class)
|
||||
public class UoaMonitorServiceApplication {
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(UoaMonitorServiceApplication.class, args);
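Review bot: Making `classpath:dnet-override.properties` optional with `ignoreResourceNotFound = true` lets an instance deployed without that file start silently on whatever `authorization.properties` and `monitorservice.properties` are bundled in the artifact. The rendering has lost the +/- markers, so this assumes the `ignoreResourceNotFound` line is the new one of the two. Since the authorization settings now come from these property sources, either keep the override mandatory outside local development or document the intent, e.g. `// optional for local runs only; deployed instances must supply dnet-override.properties`. The commented-out fragments left inside the annotations (`// , "eu.dnetlib.uoaauthorizationlibrary"` and `//SecurityConfig.class,`) should be deleted rather than committed. The class body continues past the end of the hunk.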
|
||||
|
|
|
@ -1,33 +1,17 @@
|
|||
package eu.dnetlib.uoamonitorservice;
|
||||
|
||||
import eu.dnetlib.uoamonitorservice.configuration.properties.SecurityConfig;
|
||||
import eu.dnetlib.uoamonitorservice.handlers.AuthorizationHandler;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
|
||||
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
public class UoaMonitorServiceConfiguration extends WebMvcConfigurerAdapter {
|
||||
private final Logger log = Logger.getLogger(this.getClass());
|
||||
|
||||
@Autowired
|
||||
private SecurityConfig securityConfig;
|
||||
|
||||
|
||||
@Bean
|
||||
public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
|
||||
return new PropertySourcesPlaceholderConfigurer();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
registry.addInterceptor(new AuthorizationHandler(securityConfig.getUserInfoUrl(), securityConfig.getOriginServer(), securityConfig.getPostsAllowed()))
|
||||
.addPathPatterns("/**");
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
package eu.dnetlib.uoamonitorservice.configuration.properties;
|
||||
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
@ConfigurationProperties("monitorservice.security")
|
||||
public class SecurityConfig {
|
||||
|
||||
private String userInfoUrl;
|
||||
private String originServer;
|
||||
private List<String> postsAllowed = new ArrayList<>();
|
||||
|
||||
public void setUserInfoUrl(String userInfoUrl) {
|
||||
this.userInfoUrl = userInfoUrl;
|
||||
}
|
||||
|
||||
public void setOriginServer(String originServer) {
|
||||
this.originServer = originServer;
|
||||
}
|
||||
|
||||
|
||||
public void setPostsAllowed(List<String> posts) {
|
||||
this.postsAllowed = posts;
|
||||
}
|
||||
|
||||
public String getUserInfoUrl() {
|
||||
return userInfoUrl;
|
||||
}
|
||||
|
||||
public String getOriginServer() {
|
||||
return originServer;
|
||||
}
|
||||
|
||||
public List<String> getPostsAllowed() {
|
||||
return postsAllowed;
|
||||
}
|
||||
|
||||
}
|
|
@ -1,69 +0,0 @@
|
|||
package eu.dnetlib.uoamonitorservice.handlers;
|
||||
|
||||
import eu.dnetlib.uoamonitorservice.handlers.utils.AuthorizationUtils;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.List;
|
||||
|
||||
public class AuthorizationHandler extends HandlerInterceptorAdapter {
|
||||
private final Logger log = Logger.getLogger(this.getClass());
|
||||
private AuthorizationUtils helper = new AuthorizationUtils();
|
||||
private List<String> allowedPostRequests;
|
||||
|
||||
public AuthorizationHandler(String userInfoUrl, String originServer, List<String> allowedPostRequests){
|
||||
helper.setOriginServer(originServer);
|
||||
helper.setUserInfoUrl(userInfoUrl);
|
||||
this.allowedPostRequests = allowedPostRequests;
|
||||
}
|
||||
// Comment this method ONLY FOR TEST
|
||||
// @Override
|
||||
// public boolean preHandle(
|
||||
// HttpServletRequest request,
|
||||
// HttpServletResponse response,
|
||||
// Object handler) throws Exception {
|
||||
//// log.debug("request method " + request.getRemoteHost());
|
||||
// log.debug("properties: " + helper.getOriginServer() + " "+ helper.getUserInfoUrl());
|
||||
// log.debug(allowedPostRequests);
|
||||
// log.debug(allowedPostRequests.contains(request.getServletPath()));
|
||||
// log.debug(request.getServletPath());
|
||||
// if((request.getMethod().equals("POST") || request.getMethod().equals("DELETE")) &&
|
||||
// !allowedPostRequests.contains(request.getServletPath())) {
|
||||
// //TODO check domain & check user info
|
||||
// if(!this.helper.checkCookies(request) || !helper.isAuthorized(helper.getToken(request))){
|
||||
//
|
||||
// response.setHeader("Access-Control-Allow-Credentials","true");
|
||||
// response.setHeader("Access-Control-Allow-Origin","*");
|
||||
// response.setHeader("Vary","Origin");
|
||||
//
|
||||
// response.setStatus(403);
|
||||
// response.sendError(403, "Forbidden: You don't have permission to access. Maybe you are not registered.");
|
||||
// return false;
|
||||
// }
|
||||
//
|
||||
// }
|
||||
// return true;
|
||||
// }
|
||||
|
||||
|
||||
// @Override
|
||||
// public void postHandle(
|
||||
// HttpServletRequest request,
|
||||
// HttpServletResponse response,
|
||||
// Object handler,
|
||||
// ModelAndView modelAndView) throws Exception {
|
||||
// log.info("I am here - postHandle ");
|
||||
// }
|
||||
//
|
||||
// @Override
|
||||
// public void afterCompletion(
|
||||
// HttpServletRequest request,
|
||||
// HttpServletResponse response,
|
||||
// Object handler, Exception ex) {
|
||||
// log.info("I am here - afterCompletion ");
|
||||
// }
|
||||
|
||||
}
|
|
@ -5,10 +5,12 @@ import org.apache.log4j.Logger;
|
|||
import org.springframework.data.crossstore.ChangeSetPersister;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.web.bind.MissingServletRequestParameterException;
|
||||
import org.springframework.web.bind.annotation.ControllerAdvice;
|
||||
import org.springframework.web.bind.annotation.ExceptionHandler;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.multipart.support.MissingServletRequestPartException;
|
||||
|
||||
@ControllerAdvice
|
||||
@RestController
|
||||
|
@ -69,4 +71,15 @@ public class ExceptionsHandler {
|
|||
log.error("pathNotValidException exception : "+ ex.getMessage());
|
||||
return new ResponseEntity<ExceptionResponse>(response, HttpStatus.NOT_FOUND);
|
||||
}
|
||||
|
||||
@ExceptionHandler(AccessDeniedException.class)
|
||||
public ResponseEntity<ExceptionResponse> accessDeniedException(Exception ex) {
|
||||
ExceptionResponse response = new ExceptionResponse();
|
||||
response.setErrorCode("Forbidden Exception");
|
||||
response.setErrorMessage("Access Denied Exception");
|
||||
response.setErrors(ex.getMessage());
|
||||
response.setStatus(HttpStatus.FORBIDDEN);
|
||||
log.error("accessDeniedException exception : "+ ex.getMessage());
|
||||
return new ResponseEntity<ExceptionResponse>(response, HttpStatus.FORBIDDEN);
|
||||
}
|
||||
}
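Review bot: The new `accessDeniedException` handler logs only `ex.getMessage()`, which for Spring Security's `AccessDeniedException` is usually a generic string, so a denied request cannot be traced to an endpoint or caller from the log. Taking the request as a handler argument and logging method and path would make these events usable for detection, e.g. `log.warn("Access denied: " + request.getMethod() + " " + request.getRequestURI());` (this needs `HttpServletRequest request` in the signature and its import). `warn` is probably the better level as well, since a denied request is an expected outcome rather than a server fault. Because this advice answers the exception itself, unauthenticated callers presumably also get 403 here instead of reaching Spring Security's own handling; worth confirming that is intended. The class starts outside the hunk.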
|
||||
|
|
|
@ -1,250 +0,0 @@
|
|||
package eu.dnetlib.uoamonitorservice.handlers.utils;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.io.BufferedReader;
|
||||
import java.io.InputStreamReader;
|
||||
import java.io.StringReader;
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.URL;
|
||||
import java.util.Enumeration;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
|
||||
public class AuthorizationUtils {
|
||||
private final Logger log = Logger.getLogger(this.getClass());
|
||||
private String userInfoUrl = null;
|
||||
// private String communityAPI ="";
|
||||
// List<String> adminRoles = new ArrayList<String>(Arrays.asList("Super Administrator", "Portal Administrator"));
|
||||
private String originServer= null;
|
||||
public Boolean checkCookies(HttpServletRequest request){
|
||||
Boolean valid = true;
|
||||
String cookieValue = this.getCookie(request,"AccessToken");
|
||||
if(cookieValue == null || cookieValue.isEmpty()){
|
||||
log.info("no cookie available ");
|
||||
valid = false;
|
||||
}else {
|
||||
String headerValue = this.getHeadersInfo(request, "x-xsrf-token");
|
||||
if(headerValue == null || headerValue.isEmpty()){
|
||||
log.info("no header available ");
|
||||
valid = false;
|
||||
}else{
|
||||
if(!cookieValue.equals(headerValue)){
|
||||
log.info("no proper header or cookie ");
|
||||
valid = false;
|
||||
}else if(!hasValidOrigin(this.getHeadersInfo(request, "origin"))){
|
||||
log.info("no proper origin ");
|
||||
valid = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
public String getToken(HttpServletRequest request){
|
||||
return this.getHeadersInfo(request, "x-xsrf-token");
|
||||
}
|
||||
private String getCookie(HttpServletRequest request, String cookieName){
|
||||
if(request.getCookies() == null){
|
||||
return null;
|
||||
}
|
||||
for(Cookie c: request.getCookies()){
|
||||
// log.debug("cookie "+ c.getName()+ " "+ c.getValue());
|
||||
if(c.getName().equals(cookieName)){
|
||||
return c.getValue();
|
||||
}
|
||||
|
||||
}
|
||||
return null;
|
||||
}
|
||||
private String getHeadersInfo(HttpServletRequest request, String name) {
|
||||
|
||||
Enumeration headerNames = request.getHeaderNames();
|
||||
while (headerNames.hasMoreElements()) {
|
||||
String key = (String) headerNames.nextElement();
|
||||
String value = request.getHeader(key);
|
||||
// log.debug(" key: "+ key+" value: "+ value);
|
||||
if(name.equals(key)){
|
||||
return value;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
public boolean hasValidOrigin(String origin) {
|
||||
if (origin != null && origin.indexOf(originServer)!=-1) {
|
||||
return true;
|
||||
}
|
||||
log.debug("Not valid origin. Origin server is \"" + origin + "\", but expected value is \"" + originServer + "\". If the expec cted value is not right, check properties file. ");
|
||||
return false;
|
||||
}
|
||||
public UserInfo getUserInfo(String accessToken){
|
||||
String url=userInfoUrl+accessToken;
|
||||
URL obj = null;
|
||||
String responseStr=null;
|
||||
// log.debug("User info url is "+url);
|
||||
|
||||
try {
|
||||
obj = new URL(url);
|
||||
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
|
||||
if (con.getResponseCode() != 200) {
|
||||
log.debug("User info response code is: " + con.getResponseCode());
|
||||
return null;
|
||||
}
|
||||
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
|
||||
StringBuffer response = new StringBuffer();
|
||||
String inputLine;
|
||||
while ((inputLine = in.readLine()) != null) {
|
||||
response.append(inputLine).append("\n");
|
||||
}
|
||||
in.close();
|
||||
responseStr = response.toString();
|
||||
}catch(Exception e){
|
||||
log.error("An error occured while trying to fetch user info ",e);
|
||||
return null;
|
||||
}
|
||||
return json2UserInfo(responseStr);
|
||||
}
|
||||
private UserInfo json2UserInfo(String json) {
|
||||
|
||||
// log.debug("Try to create userInfo class from json: "+json);
|
||||
if (json == null){
|
||||
return null;
|
||||
}
|
||||
|
||||
BufferedReader br = new BufferedReader(new StringReader(json));
|
||||
//convert the json string back to object
|
||||
Gson gson = new Gson();
|
||||
UserInfo userInfo = null;
|
||||
try {
|
||||
userInfo = gson.fromJson(br, UserInfo.class);
|
||||
}catch(Exception e){
|
||||
log.debug("Error in parsing json response. Given json is : "+json, e);
|
||||
return null;
|
||||
}
|
||||
|
||||
// log.debug("Original response.........: "+userInfo.toString());
|
||||
try {
|
||||
if(userInfo != null && userInfo.getEdu_person_entitlements() != null ) {
|
||||
|
||||
for (int i = 0; i < userInfo.getEdu_person_entitlements().size(); i++) {
|
||||
String role = userInfo.getEdu_person_entitlements().get(i);
|
||||
// log.debug("AAI role: "+role);
|
||||
role = role.split(":")[role.split(":").length-1];
|
||||
role = role.replace("+"," ");
|
||||
// log.debug("Adding parsed role : "+role);
|
||||
userInfo.getEdu_person_entitlements().set(i,role);
|
||||
}
|
||||
}
|
||||
}catch(Exception e){
|
||||
log.debug("Error in parsing Edu_person_entitlements : ",e);
|
||||
return null;
|
||||
}
|
||||
// log.debug("After handling roles : "+userInfo.toString());
|
||||
|
||||
|
||||
return userInfo;
|
||||
}
|
||||
public boolean isAuthorized(String token) {
|
||||
UserInfo userInfo = getUserInfo(token);
|
||||
if (userInfo != null ) {
|
||||
return true;
|
||||
} else {
|
||||
log.debug(" User has no Valid UserInfo");
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public String getUserInfoUrl() {
|
||||
return userInfoUrl;
|
||||
}
|
||||
|
||||
public String getOriginServer() {
|
||||
return originServer;
|
||||
}
|
||||
|
||||
public void setUserInfoUrl(String userInfoUrl) {
|
||||
this.userInfoUrl = userInfoUrl;
|
||||
}
|
||||
|
||||
public void setOriginServer(String originServer) {
|
||||
this.originServer = originServer;
|
||||
}
|
||||
// private boolean hasRole(List<String> givenRoles, List<String> authorizedRoles) {
|
||||
// log.debug("It's registered with role " + givenRoles);
|
||||
// for (String gRole : givenRoles) {
|
||||
// if (authorizedRoles.indexOf(gRole) != -1) {
|
||||
// return true;
|
||||
// }
|
||||
// }
|
||||
// log.debug("Not Authorized. Authorized roles are" + authorizedRoles);
|
||||
// return false;
|
||||
//
|
||||
// }
|
||||
// private boolean isCommunityManager(String community, String email) {
|
||||
//
|
||||
// CommunityInfo communityInfo = getCommunityInfo(community);
|
||||
// if(communityInfo != null && communityInfo.getManagers() != null ) {
|
||||
//
|
||||
// for (int i = 0; i < communityInfo.getManagers().size(); i++) {
|
||||
// String manager = communityInfo.getManagers().get(i);
|
||||
// log.debug("Community manager: "+manager);
|
||||
//
|
||||
// }
|
||||
// }
|
||||
// return false;
|
||||
//
|
||||
// }
|
||||
// private CommunityInfo getCommunityInfo(String community) {
|
||||
// String url = userInfoUrl + community;
|
||||
// URL obj = null;
|
||||
// String responseStr = null;
|
||||
// log.debug("Community info url is " + url);
|
||||
//
|
||||
// try {
|
||||
// obj = new URL(url);
|
||||
// HttpURLConnection con = (HttpURLConnection) obj.openConnection();
|
||||
// log.debug("User info response code is: " + con.getResponseCode());
|
||||
// if (con.getResponseCode() != 200) {
|
||||
// return null;
|
||||
// }
|
||||
// BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
|
||||
// StringBuffer response = new StringBuffer();
|
||||
// String inputLine;
|
||||
// while ((inputLine = in.readLine()) != null) {
|
||||
// response.append(inputLine).append("\n");
|
||||
// }
|
||||
// in.close();
|
||||
// responseStr = response.toString();
|
||||
// } catch (Exception e) {
|
||||
// log.error("An error occured while trying to fetch user info ", e);
|
||||
// return null;
|
||||
// }
|
||||
// return json2CommunityInfo(community);
|
||||
// }
|
||||
// private CommunityInfo json2CommunityInfo(String json){
|
||||
//
|
||||
// log.debug("Try to create CommunityInfo class from json: "+json);
|
||||
// if (json == null){
|
||||
// return null;
|
||||
// }
|
||||
//
|
||||
// BufferedReader br = new BufferedReader(new StringReader(json));
|
||||
// //convert the json string back to object
|
||||
// Gson gson = new Gson();
|
||||
// CommunityInfo communityInfo = null;
|
||||
// try {
|
||||
// communityInfo = gson.fromJson(br, CommunityInfo.class);
|
||||
// }catch(Exception e){
|
||||
// log.debug("Error in parsing json response. Given json is : "+json, e);
|
||||
// return null;
|
||||
// }
|
||||
//
|
||||
// log.debug("Original response.........: "+communityInfo.toString());
|
||||
//
|
||||
//
|
||||
//
|
||||
// return communityInfo;
|
||||
// }
|
||||
}
|
|
@ -1,12 +1,13 @@
|
|||
#dev
|
||||
monitorservice.userInfoUrl = http://scoobydoo.di.uoa.gr:8080/dnet-openaire-users-1.0.0-SNAPSHOT/api/users/getUserInfo?accessToken=
|
||||
monitorservice.originServer = .di.uoa.gr
|
||||
monitorservice.host = smtp.gmail.com
|
||||
monitorservice.port = 587
|
||||
monitorservice.auth = true
|
||||
monitorservice.from = openaire.test@gmail.com
|
||||
monitorservice.username = openaire.test@gmail.com
|
||||
monitorservice.password = ...
|
||||
monitorservice.mongodb.host=localhost
|
||||
monitorservice.mongodb.port=27017
|
||||
monitorservice.mongodb.database=openaire_monitor3
|
||||
|
||||
#beta
|
||||
#monitorservice.userInfoUrl = https://beta.services.openaire.eu/uoa-user-management/api/users/getUserInfo?accessToken=
|
||||
|
|