diff --git a/pom.xml b/pom.xml
index a7dccd0..aef3adc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,6 @@
spring-webmvc
${spring.version}
-
org.hibernate
hibernate-validator-annotation-processor
diff --git a/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java b/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java
new file mode 100644
index 0000000..7e2d82d
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/config/AaiSecurityConfiguration.java
@@ -0,0 +1,179 @@
+package eu.dnetlib.repo.manager.config;
+
+import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
+import org.mitre.oauth2.model.RegisteredClient;
+import org.mitre.openid.connect.client.OIDCAuthenticationFilter;
+import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
+import org.mitre.openid.connect.client.service.impl.*;
+import org.mitre.openid.connect.config.ServerConfiguration;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+
+@Configuration
+@EnableWebSecurity
+public class AaiSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+ @Value("${webapp.dev.front}")
+ private String logoutSuccessUrl;
+
+ @Value("${oidc.issuer}")
+ private String oidcIssuer;
+
+ @Value("${oidc.id}")
+ private String oidcId;
+
+ @Value("${oidc.secret}")
+ private String oidcSecret;
+
+ @Value("${oidc.dev.home}")
+ private String oidcDevHome;
+
+ @Value("${webapp.dev.front}")
+ private String webAppFrontEnd;
+
+ private Map userRoles = new HashMap(){{
+ put("urn:geant:openaire.eu:group:Super+Administrator#aai.openaire.eu", "ROLE_ADMIN");
+ put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator#aai.openaire.eu","ROLE_PROVIDE_ADMIN");
+ }};
+
+ @Bean
+ @Override
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return authenticationManager();
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.authenticationProvider(openIdConnectAuthenticationProvider());
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable()
+ .anonymous().disable()
+ .authorizeRequests()
+ .anyRequest().authenticated()
+ .and()
+ .httpBasic()
+ .authenticationEntryPoint(authenticationEntryPoint())
+ .and()
+ .logout().logoutUrl("/openid_logout")
+ .invalidateHttpSession(true)
+ .deleteCookies("openAIRESession")
+ .logoutSuccessUrl(logoutSuccessUrl)
+ .and()
+ .addFilterBefore(openIdConnectAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class)
+ ;
+ }
+
+ @Bean
+ public OIDCAuthenticationProvider openIdConnectAuthenticationProvider(){
+ OIDCAuthenticationProvider oidcProvider = new OIDCAuthenticationProvider();
+ oidcProvider.setAuthoritiesMapper(authoritiesMapper());
+ return oidcProvider;
+ }
+
+ @Bean
+ public OpenAireProviderAuthoritiesMapper authoritiesMapper(){
+ OpenAireProviderAuthoritiesMapper authoritiesMapper = new OpenAireProviderAuthoritiesMapper(userRoles);
+ return authoritiesMapper;
+ }
+
+ @Bean
+ public StaticServerConfigurationService staticServerConfigurationService(){
+ StaticServerConfigurationService staticServerConfigurationService = new StaticServerConfigurationService();
+ Map servers = new HashMap<>();
+ servers.put(oidcIssuer, serverConfiguration());
+ staticServerConfigurationService.setServers(servers);
+ return staticServerConfigurationService;
+ }
+
+ @Bean
+ public StaticClientConfigurationService staticClientConfigurationService(){
+ StaticClientConfigurationService staticClientConfigurationService = new StaticClientConfigurationService();
+ Map clients = new HashMap<>();
+ clients.put(oidcIssuer,registeredClient());
+ staticClientConfigurationService.setClients(clients);
+ return staticClientConfigurationService;
+ }
+
+ @Bean
+ public RegisteredClient registeredClient(){
+ RegisteredClient registeredClient = new RegisteredClient();
+ registeredClient.setClientId(oidcId);
+ registeredClient.setClientSecret(oidcSecret);
+ registeredClient.setScope(new HashSet<>(Collections.singletonList("openid")));
+ registeredClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
+ registeredClient.setRedirectUris(new HashSet<>(Collections.singletonList(oidcDevHome)));
+ return registeredClient;
+ }
+
+ @Bean
+ public StaticAuthRequestOptionsService staticAuthRequestOptionsService(){
+ return new StaticAuthRequestOptionsService();
+ }
+
+ @Bean
+ public PlainAuthRequestUrlBuilder plainAuthRequestUrlBuilder(){
+ return new PlainAuthRequestUrlBuilder();
+ }
+
+ @Bean
+ public ServerConfiguration serverConfiguration(){
+ ServerConfiguration serverConfiguration = new ServerConfiguration();
+ serverConfiguration.setIssuer(oidcIssuer);
+ serverConfiguration.setAuthorizationEndpointUri(oidcIssuer+"authorize");
+ serverConfiguration.setTokenEndpointUri(oidcIssuer+"token");
+ serverConfiguration.setUserInfoUri(oidcIssuer+"userinfo");
+ serverConfiguration.setJwksUri(oidcIssuer+"jwk");
+ serverConfiguration.setRevocationEndpointUri(oidcIssuer+"revoke");
+ return serverConfiguration;
+ }
+
+ @Bean
+ public LoginUrlAuthenticationEntryPoint authenticationEntryPoint(){
+ return new LoginUrlAuthenticationEntryPoint("/openid_connect_login");
+ }
+
+
+ @Bean
+ public OIDCAuthenticationFilter openIdConnectAuthenticationFilter() throws Exception {
+ OIDCAuthenticationFilter oidc = new OIDCAuthenticationFilter();
+ oidc.setAuthenticationManager(authenticationManagerBean());
+ oidc.setIssuerService(staticSingleIssuerService());
+ oidc.setServerConfigurationService(staticServerConfigurationService());
+ oidc.setClientConfigurationService(staticClientConfigurationService());
+ oidc.setAuthRequestOptionsService(staticAuthRequestOptionsService());
+ oidc.setAuthRequestUrlBuilder(plainAuthRequestUrlBuilder());
+ oidc.setAuthenticationSuccessHandler(frontEndRedirect());
+ return oidc;
+ }
+
+ @Bean
+ public StaticSingleIssuerService staticSingleIssuerService(){
+ StaticSingleIssuerService staticSingleIssuerService = new StaticSingleIssuerService();
+ staticSingleIssuerService.setIssuer(oidcIssuer);
+ return staticSingleIssuerService;
+ }
+
+ @Bean(initMethod = "init")
+ public FrontEndLinkURIAuthenticationSuccessHandler frontEndRedirect(){
+ FrontEndLinkURIAuthenticationSuccessHandler frontEnd = new FrontEndLinkURIAuthenticationSuccessHandler();
+ frontEnd.setFrontEndURI(webAppFrontEnd);
+ return frontEnd;
+ }
+
+}
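Review bot: `http.csrf().disable()` in `configure(HttpSecurity)` switches off CSRF protection for an application whose every request is authenticated by the `openAIRESession` cookie, so a logged-in browser will honour cross-site requests to state-changing endpoints, and Spring's logout filter then also accepts `/openid_logout` over GET. If the separate front end (`webapp.dev.front`) makes a synchronizer token impractical, `http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())` lets the SPA echo the token in a header while keeping logout POST-only. Separately, `serverConfiguration()` forms every endpoint as `oidcIssuer + "authorize"`, `oidcIssuer + "token"` and so on, which is only correct when `oidc.issuer` ends in a slash; a comment stating that requirement (or discovery via the library's dynamic server configuration service) would prevent a silent misconfiguration. The same property is bound to both `logoutSuccessUrl` and `webAppFrontEnd`, and the `userRoles` map is a raw double-brace `HashMap` that keeps an anonymous-class reference to the configuration; one field and a `Map<String, String>` built with `put` calls or `Collections.unmodifiableMap` would be cleaner.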
diff --git a/src/main/java/eu/dnetlib/repo/manager/config/CascadingPropertyLoader.java b/src/main/java/eu/dnetlib/repo/manager/config/CascadingPropertyLoader.java
index 019f42a..bc0af97 100644
--- a/src/main/java/eu/dnetlib/repo/manager/config/CascadingPropertyLoader.java
+++ b/src/main/java/eu/dnetlib/repo/manager/config/CascadingPropertyLoader.java
@@ -52,4 +52,5 @@ public class CascadingPropertyLoader extends PropertyPlaceholderConfigurer imple
this.properties = properties;
}
-}
\ No newline at end of file
+}
+
diff --git a/src/main/java/eu/dnetlib/repo/manager/config/DatasourceConfiguration.java b/src/main/java/eu/dnetlib/repo/manager/config/DatasourceConfiguration.java
new file mode 100644
index 0000000..1b0c95b
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/config/DatasourceConfiguration.java
@@ -0,0 +1,59 @@
+package eu.dnetlib.repo.manager.config;
+
+import org.apache.commons.dbcp.BasicDataSource;
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.jdbc.datasource.DataSourceTransactionManager;
+import org.springframework.transaction.annotation.EnableTransactionManagement;
+
+@Configuration
+@EnableTransactionManagement
+public class DatasourceConfiguration {
+
+ private static Logger LOGGER = Logger.getLogger(DatasourceConfiguration.class);
+
+ @Value("${repomanager.db.driverClassName}")
+ private String driverClassname;
+
+ @Value("${repomanager.db.url}")
+ private String URL;
+
+ @Value("${repomanager.db.username}")
+ private String username;
+
+ @Value("${repomanager.db.password}")
+ private String password;
+
+ @Bean
+ public BasicDataSource dataSource(){
+ BasicDataSource basicDataSource = new BasicDataSource();
+ basicDataSource.setDriverClassName(driverClassname);
+ basicDataSource.setUrl(URL);
+ basicDataSource.setUsername(username);
+ basicDataSource.setPassword(password);
+ basicDataSource.setMaxIdle(10);
+ basicDataSource.setMaxActive(100);
+ basicDataSource.setMaxWait(1000);
+ basicDataSource.setValidationQuery("SELECT 1;");
+ basicDataSource.setTestOnBorrow(true);
+ basicDataSource.setTestOnReturn(true);
+ basicDataSource.setTestWhileIdle(true);
+ basicDataSource.setTimeBetweenEvictionRunsMillis(1200000);
+ basicDataSource.setMinEvictableIdleTimeMillis(1800000);
+ basicDataSource.setMinEvictableIdleTimeMillis(5);
+ basicDataSource.setPoolPreparedStatements(true);
+ basicDataSource.setDefaultAutoCommit(true);
+
+ return basicDataSource;
+ }
+
+ @Bean
+ public DataSourceTransactionManager txManager(){
+ DataSourceTransactionManager txManager = new DataSourceTransactionManager();
+ txManager.setDataSource(dataSource());
+ return txManager;
+ }
+
+}
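Review bot: `setMinEvictableIdleTimeMillis(5)` in `dataSource()` is called immediately after `setMinEvictableIdleTimeMillis(1800000)` and overrides it, so pooled connections become evictable after 5 ms rather than 30 minutes and the pool is effectively torn down on every eviction run. Drop the second call, or if `5` was intended for a different knob (the usual neighbour is `setNumTestsPerEvictionRun(5)`), correct the setter name. The `setMaxActive`/`setMaxWait` names identify this as commons-dbcp 1.x, which is no longer maintained; commons-dbcp2 (`setMaxTotal`/`setMaxWaitMillis`) is the supported line and worth scheduling as a dependency-hygiene change. `LOGGER` is declared but never used in this class.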
diff --git a/src/main/java/eu/dnetlib/repo/manager/config/GlobalSecurityConfiguration.java b/src/main/java/eu/dnetlib/repo/manager/config/GlobalSecurityConfiguration.java
new file mode 100644
index 0000000..b6eb25a
--- /dev/null
+++ b/src/main/java/eu/dnetlib/repo/manager/config/GlobalSecurityConfiguration.java
@@ -0,0 +1,19 @@
+package eu.dnetlib.repo.manager.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+import org.springframework.web.multipart.commons.CommonsMultipartResolver;
+
+@Configuration
+@EnableGlobalMethodSecurity(prePostEnabled = true,proxyTargetClass = true)
+public class GlobalSecurityConfiguration extends GlobalMethodSecurityConfiguration {
+
+ @Bean
+ public CommonsMultipartResolver multipartResolver(){
+ CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver();
+ multipartResolver.setMaxUploadSize(268435456);
+ return multipartResolver;
+ }
+}
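Review bot: `multipartResolver()` sets the limit with the bare literal `268435456`; a named constant such as `private static final long MAX_UPLOAD_BYTES = 256L * 1024 * 1024;` (or an externalised property) makes the size readable and tunable, and a comment should state that this caps the whole request, not each file (`setMaxUploadSizePerFile` is the per-file cap). The resolver bean is also unrelated to method security and would read better in the MVC configuration next to the other web beans.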
diff --git a/src/main/java/eu/dnetlib/repo/manager/config/Config.java b/src/main/java/eu/dnetlib/repo/manager/config/RedisConfiguration.java
similarity index 96%
rename from src/main/java/eu/dnetlib/repo/manager/config/Config.java
rename to src/main/java/eu/dnetlib/repo/manager/config/RedisConfiguration.java
index 60e6744..167545f 100644
--- a/src/main/java/eu/dnetlib/repo/manager/config/Config.java
+++ b/src/main/java/eu/dnetlib/repo/manager/config/RedisConfiguration.java
@@ -22,9 +22,9 @@ import javax.annotation.PostConstruct;
@ComponentScan(basePackages = {
"org.eurocris.openaire.cris.validator.service",
"eu.dnetlib.repo.manager.*"})
-public class Config {
+public class RedisConfiguration {
- private static Logger LOGGER = Logger.getLogger(Config.class);
+ private static Logger LOGGER = Logger.getLogger(RedisConfiguration.class);
@Value("${redis.host}")
private String host;
@@ -75,4 +75,5 @@ public class Config {
return restTemplate;
}
+
}
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/BrokerController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/BrokerController.java
index 0ab3c02..48b559a 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/BrokerController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/BrokerController.java
@@ -7,12 +7,10 @@ import eu.dnetlib.repo.manager.service.BrokerServiceImpl;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiParam;
import org.json.JSONException;
-import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.io.IOException;
@@ -37,7 +35,6 @@ public class BrokerController{
@ApiParam(value = "Include shared datasources", required = true , defaultValue = "false") String includeShared,
@RequestParam("includeByOthers")
@ApiParam(value = "Include datasources of other", required = true,defaultValue = "false") String includeByOthers) throws JSONException {
- user = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return brokerService.getDatasourcesOfUser(user, includeShared, includeByOthers);
}
@@ -78,7 +75,6 @@ public class BrokerController{
@ResponseBody
@PreAuthorize("hasRole('ROLE_USER')")
public Map> getSimpleSubscriptionsOfUser(@PathVariable("userEmail") String userEmail) throws BrokerException{
- userEmail = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return brokerService.getSimpleSubscriptionsOfUser(userEmail);
}
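Review bot: The caller-supplied `userEmail` path variable now reaches `brokerService.getSimpleSubscriptionsOfUser` unchecked, because the line that replaced it with the authenticated principal's email was removed and the remaining `@PreAuthorize("hasRole('ROLE_USER')")` only requires that the caller is some logged-in user; any authenticated user can therefore read another user's subscriptions. Apply the same SpEL check this commit adds in ValidatorController: `@PreAuthorize("hasRole('ROLE_USER') and #userEmail == authentication.userInfo.email")`. The earlier hunk's `getDatasourcesOfUser` has the same shape, but its `user` parameter is declared above that hunk, so confirm it is likewise bound to or compared against the principal.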
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/DashboardController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/DashboardController.java
index 9b12c4c..6771afb 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/DashboardController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/DashboardController.java
@@ -7,11 +7,9 @@ import eu.dnetlib.repo.manager.service.PiWikService;
import eu.dnetlib.repo.manager.service.RepositoryService;
import io.swagger.annotations.Api;
import org.json.JSONException;
-import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.util.List;
@@ -40,7 +38,6 @@ public class DashboardController {
public List getRepositoriesSummaryInfo(@PathVariable("userEmail") String userEmail,
@PathVariable("page") String page,
@PathVariable("size") String size) throws JSONException {
- userEmail = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return dashboardService.getRepositoriesSummaryInfo(userEmail, page, size);
}
@@ -87,7 +84,6 @@ public class DashboardController {
public BrokerSummary getBrokerSummary(
@PathVariable("email") String email,
@PathVariable("ds_name") String datasourceName) throws BrokerException {
- email = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return new BrokerSummary(brokerService.getSimpleSubscriptionsOfUser(email), brokerService.getTopicsForDatasource(datasourceName));
}
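Review bot: `getBrokerSummary` now forwards the `email` path variable to `brokerService.getSimpleSubscriptionsOfUser` after the line that overwrote it with the authenticated user's email was deleted, and `getRepositoriesSummaryInfo` in the previous hunk does the same with `userEmail`; the `@PreAuthorize` annotations on both methods sit above their hunks, so unless they already compare the parameter with the principal, any authenticated user can read another user's dashboard and broker data. Add the ownership check this commit introduces elsewhere, e.g. `@PreAuthorize("hasRole('ROLE_USER') and #email == authentication.userInfo.email")` here and `#userEmail == authentication.userInfo.email` on `getRepositoriesSummaryInfo`.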
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/MonitorController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/MonitorController.java
index bb071ef..ad11e22 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/MonitorController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/MonitorController.java
@@ -8,11 +8,9 @@ import io.swagger.annotations.Api;
import io.swagger.annotations.ApiParam;
import org.apache.log4j.Logger;
import org.json.JSONException;
-import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
@RestController
@@ -39,7 +37,7 @@ public class MonitorController {
@RequestParam(value = "dateTo", required = false) @ApiParam(value = "Null value") String dateTo,
@RequestParam("validationStatus") @ApiParam(value = "Equals to filter validation jobs", required = false) String validationStatus,
@RequestParam("includeJobsTotal") @ApiParam(value = "Always true", required = true) String includeJobsTotal) throws JSONException, ValidatorServiceException {
- user = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
+
return monitorService.getJobsOfUser(user, jobType, offset, limit, dateFrom, dateTo, validationStatus, includeJobsTotal);
}
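Review bot: The new code passes `user` straight to `monitorService.getJobsOfUser` after deleting the line that overwrote it with the authenticated principal's email, leaving only an empty added line in its place; the parameter list and any `@PreAuthorize` guard begin above the hunk, so unless that guard compares `user` with `authentication.userInfo.email`, any authenticated user can list another user's validation jobs. Mirror the check this commit adds in ValidatorController, `@PreAuthorize("hasRole('ROLE_USER') and #user == authentication.userInfo.email")`, and drop the stray blank line.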
@@ -49,7 +47,6 @@ public class MonitorController {
public int getJobsOfUserPerValidationStatus(@RequestBody String user,
@RequestBody String jobType,
@RequestBody String validationStatus) throws JSONException {
- user = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return monitorService.getJobsOfUserPerValidationStatus(user, jobType, validationStatus);
}
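Review bot: `getJobsOfUserPerValidationStatus` now forwards a request-body-supplied `user` without the principal override that was removed, so the caller chooses whose counts are returned; its annotations are above the hunk, so add `#user == authentication.userInfo.email` to the `@PreAuthorize` expression if it is not already there. The three `@RequestBody String` parameters are pre-existing, but Spring MVC can in practice bind only one `@RequestBody` per handler because the body is consumed once, so the second and third parameters will not resolve; a single request DTO would fix the binding and make the ownership check straightforward to express.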
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
index 22e98ba..2455493 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/RepositoryController.java
@@ -8,13 +8,11 @@ import eu.dnetlib.repo.manager.exception.ResourceNotFoundException;
import eu.dnetlib.repo.manager.service.RepositoryServiceImpl;
import io.swagger.annotations.Api;
import org.json.JSONException;
-import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.io.IOException;
@@ -51,7 +49,6 @@ public class RepositoryController {
public List getRepositoriesOfUser(@PathVariable("userEmail") String userEmail,
@PathVariable("page") String page,
@PathVariable("size") String size) throws JSONException, IOException {
- userEmail = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return repositoryService.getRepositoriesSnippetOfUser(userEmail, page, size);
}
@@ -175,7 +172,6 @@ public class RepositoryController {
public List getUrlsOfUserRepos(@PathVariable("user_email") String userEmail,
@PathVariable("page") String page,
@PathVariable("size") String size) throws JSONException {
- userEmail = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return repositoryService.getUrlsOfUserRepos(userEmail, page, size);
}
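Review bot: `getUrlsOfUserRepos` now passes the caller-supplied `userEmail` to `repositoryService.getUrlsOfUserRepos` without the principal override that was removed, and `getRepositoriesOfUser` in the earlier hunk does the same for `getRepositoriesSnippetOfUser`; the `@PreAuthorize`/`@PostAuthorize` annotations on both methods are above their hunks, so unless they already tie the parameter to the principal, any authenticated user can enumerate another user's repositories and URLs. Use the pattern this commit adds in ValidatorController, `@PreAuthorize("hasRole('ROLE_USER') and #userEmail == authentication.userInfo.email")`, on both methods.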
diff --git a/src/main/java/eu/dnetlib/repo/manager/controllers/ValidatorController.java b/src/main/java/eu/dnetlib/repo/manager/controllers/ValidatorController.java
index 3582e14..16ad335 100644
--- a/src/main/java/eu/dnetlib/repo/manager/controllers/ValidatorController.java
+++ b/src/main/java/eu/dnetlib/repo/manager/controllers/ValidatorController.java
@@ -12,12 +12,10 @@ import eu.dnetlib.repo.manager.service.ValidatorServiceImpl;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiParam;
import org.json.JSONException;
-import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.util.List;
@@ -47,10 +45,9 @@ public class ValidatorController {
consumes = MediaType.APPLICATION_JSON_VALUE,
produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
- @PreAuthorize("hasRole('ROLE_USER')")
+ @PreAuthorize("hasRole('ROLE_USER') and #email == authentication.userInfo.email")
public ResponseEntity