Replacing XML configuration for Provide with Java equivalent

Ioannis Diplas 2019-12-18 10:39:27 +00:00
parent bf0bdf50c1
commit 6d906fbe89
18 changed files with 264 additions and 375 deletions


@ -22,7 +22,6 @@
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator-annotation-processor</artifactId>


@ -0,0 +1,179 @@
package eu.dnetlib.repo.manager.config;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.client.OIDCAuthenticationFilter;
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
import org.mitre.openid.connect.client.service.impl.*;
import org.mitre.openid.connect.config.ServerConfiguration;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@Configuration
@EnableWebSecurity
public class AaiSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Value("${webapp.dev.front}")
private String logoutSuccessUrl;
@Value("${oidc.issuer}")
private String oidcIssuer;
@Value("${oidc.id}")
private String oidcId;
@Value("${oidc.secret}")
private String oidcSecret;
@Value("${oidc.dev.home}")
private String oidcDevHome;
@Value("${webapp.dev.front}")
private String webAppFrontEnd;
private Map<String, String> userRoles = new HashMap<String, String>(){{
put("urn:geant:openaire.eu:group:Super+Administrator#aai.openaire.eu", "ROLE_ADMIN");
put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator#aai.openaire.eu","ROLE_PROVIDE_ADMIN");
}};
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return authenticationManager();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(openIdConnectAuthenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.anonymous().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint())
.and()
.logout().logoutUrl("/openid_logout")
.invalidateHttpSession(true)
.deleteCookies("openAIRESession")
.logoutSuccessUrl(logoutSuccessUrl)
.and()
.addFilterBefore(openIdConnectAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class)
;
}
@Bean
public OIDCAuthenticationProvider openIdConnectAuthenticationProvider(){
OIDCAuthenticationProvider oidcProvider = new OIDCAuthenticationProvider();
oidcProvider.setAuthoritiesMapper(authoritiesMapper());
return oidcProvider;
}
@Bean
public OpenAireProviderAuthoritiesMapper authoritiesMapper(){
OpenAireProviderAuthoritiesMapper authoritiesMapper = new OpenAireProviderAuthoritiesMapper(userRoles);
return authoritiesMapper;
}
@Bean
public StaticServerConfigurationService staticServerConfigurationService(){
StaticServerConfigurationService staticServerConfigurationService = new StaticServerConfigurationService();
Map<String, ServerConfiguration> servers = new HashMap<>();
servers.put(oidcIssuer, serverConfiguration());
staticServerConfigurationService.setServers(servers);
return staticServerConfigurationService;
}
@Bean
public StaticClientConfigurationService staticClientConfigurationService(){
StaticClientConfigurationService staticClientConfigurationService = new StaticClientConfigurationService();
Map<String, RegisteredClient> clients = new HashMap<>();
clients.put(oidcIssuer,registeredClient());
staticClientConfigurationService.setClients(clients);
return staticClientConfigurationService;
}
@Bean
public RegisteredClient registeredClient(){
RegisteredClient registeredClient = new RegisteredClient();
registeredClient.setClientId(oidcId);
registeredClient.setClientSecret(oidcSecret);
registeredClient.setScope(new HashSet<>(Collections.singletonList("openid")));
registeredClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
registeredClient.setRedirectUris(new HashSet<>(Collections.singletonList(oidcDevHome)));
return registeredClient;
}
@Bean
public StaticAuthRequestOptionsService staticAuthRequestOptionsService(){
return new StaticAuthRequestOptionsService();
}
@Bean
public PlainAuthRequestUrlBuilder plainAuthRequestUrlBuilder(){
return new PlainAuthRequestUrlBuilder();
}
@Bean
public ServerConfiguration serverConfiguration(){
ServerConfiguration serverConfiguration = new ServerConfiguration();
serverConfiguration.setIssuer(oidcIssuer);
serverConfiguration.setAuthorizationEndpointUri(oidcIssuer+"authorize");
serverConfiguration.setTokenEndpointUri(oidcIssuer+"token");
serverConfiguration.setUserInfoUri(oidcIssuer+"userinfo");
serverConfiguration.setJwksUri(oidcIssuer+"jwk");
serverConfiguration.setRevocationEndpointUri(oidcIssuer+"revoke");
return serverConfiguration;
}
@Bean
public LoginUrlAuthenticationEntryPoint authenticationEntryPoint(){
return new LoginUrlAuthenticationEntryPoint("/openid_connect_login");
}
@Bean
public OIDCAuthenticationFilter openIdConnectAuthenticationFilter() throws Exception {
OIDCAuthenticationFilter oidc = new OIDCAuthenticationFilter();
oidc.setAuthenticationManager(authenticationManagerBean());
oidc.setIssuerService(staticSingleIssuerService());
oidc.setServerConfigurationService(staticServerConfigurationService());
oidc.setClientConfigurationService(staticClientConfigurationService());
oidc.setAuthRequestOptionsService(staticAuthRequestOptionsService());
oidc.setAuthRequestUrlBuilder(plainAuthRequestUrlBuilder());
oidc.setAuthenticationSuccessHandler(frontEndRedirect());
return oidc;
}
@Bean
public StaticSingleIssuerService staticSingleIssuerService(){
StaticSingleIssuerService staticSingleIssuerService = new StaticSingleIssuerService();
staticSingleIssuerService.setIssuer(oidcIssuer);
return staticSingleIssuerService;
}
@Bean(initMethod = "init")
public FrontEndLinkURIAuthenticationSuccessHandler frontEndRedirect(){
FrontEndLinkURIAuthenticationSuccessHandler frontEnd = new FrontEndLinkURIAuthenticationSuccessHandler();
frontEnd.setFrontEndURI(webAppFrontEnd);
return frontEnd;
}
}
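Review bot: `.httpBasic().authenticationEntryPoint(authenticationEntryPoint())` in `configure(HttpSecurity)` enables HTTP Basic processing, which the removed `<security:http auto-config="false" … entry-point-ref="authenticationEntryPoint">` block did not configure; if the intent is only to set the entry point, `.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())` does that without adding a second credential path. `csrf().disable()` on a chain that relies on a session cookie deserves a one-line comment naming what protects state-changing requests instead, e.g. `// CSRF disabled: <reason / compensating control>`. The `web.xml` that registered `springSecurityFilterChain` is deleted in this commit and no replacement initializer appears on this page, so it is worth confirming the chain is still installed in front of the dispatcher servlet.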


@ -52,4 +52,5 @@ public class CascadingPropertyLoader extends PropertyPlaceholderConfigurer imple
this.properties = properties;
}
}
}


@ -0,0 +1,59 @@
package eu.dnetlib.repo.manager.config;
import org.apache.commons.dbcp.BasicDataSource;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.datasource.DataSourceTransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement;
@Configuration
@EnableTransactionManagement
public class DatasourceConfiguration {
private static Logger LOGGER = Logger.getLogger(DatasourceConfiguration.class);
@Value("${repomanager.db.driverClassName}")
private String driverClassname;
@Value("${repomanager.db.url}")
private String URL;
@Value("${repomanager.db.username}")
private String username;
@Value("${repomanager.db.password}")
private String password;
@Bean
public BasicDataSource dataSource(){
BasicDataSource basicDataSource = new BasicDataSource();
basicDataSource.setDriverClassName(driverClassname);
basicDataSource.setUrl(URL);
basicDataSource.setUsername(username);
basicDataSource.setPassword(password);
basicDataSource.setMaxIdle(10);
basicDataSource.setMaxActive(100);
basicDataSource.setMaxWait(1000);
basicDataSource.setValidationQuery("SELECT 1;");
basicDataSource.setTestOnBorrow(true);
basicDataSource.setTestOnReturn(true);
basicDataSource.setTestWhileIdle(true);
basicDataSource.setTimeBetweenEvictionRunsMillis(1200000);
basicDataSource.setMinEvictableIdleTimeMillis(1800000);
basicDataSource.setMinEvictableIdleTimeMillis(5);
basicDataSource.setPoolPreparedStatements(true);
basicDataSource.setDefaultAutoCommit(true);
return basicDataSource;
}
@Bean
public DataSourceTransactionManager txManager(){
DataSourceTransactionManager txManager = new DataSourceTransactionManager();
txManager.setDataSource(dataSource());
return txManager;
}
}
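Review bot: `dataSource()` calls `setMinEvictableIdleTimeMillis` twice, so the second call replaces 1800000 with 5 ms and idle connections become evictable almost immediately; the removed XML bean set `numTestsPerEvictionRun` to 5 at that position, so the second line should read `basicDataSource.setNumTestsPerEvictionRun(5);`. `setMaxWait(1000)` also differs from the XML's `maxWait` of 10000; if that is not intentional, restore `basicDataSource.setMaxWait(10000);`. `LOGGER` is unused in the lines shown and could be dropped or declared `private static final`.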


@ -0,0 +1,19 @@
package eu.dnetlib.repo.manager.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true,proxyTargetClass = true)
public class GlobalSecurityConfiguration extends GlobalMethodSecurityConfiguration {
@Bean
public CommonsMultipartResolver multipartResolver(){
CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver();
multipartResolver.setMaxUploadSize(268435456);
return multipartResolver;
}
}
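Review bot: `multipartResolver()` has nothing to do with method security, yet it is declared on the class that extends `GlobalMethodSecurityConfiguration`; moving it to a web/MVC configuration class would keep this class limited to the `@EnableGlobalMethodSecurity` concern. The literal `268435456` would read better as `256 * 1024 * 1024` with a comment such as `// 256 MiB upload cap, carried over from the XML configuration`.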


@ -22,9 +22,9 @@ import javax.annotation.PostConstruct;
@ComponentScan(basePackages = {
"org.eurocris.openaire.cris.validator.service",
"eu.dnetlib.repo.manager.*"})
public class Config {
public class RedisConfiguration {
private static Logger LOGGER = Logger.getLogger(Config.class);
private static Logger LOGGER = Logger.getLogger(RedisConfiguration.class);
@Value("${redis.host}")
private String host;
@ -75,4 +75,5 @@ public class Config {
return restTemplate;
}
}


@ -7,12 +7,10 @@ import eu.dnetlib.repo.manager.service.BrokerServiceImpl;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiParam;
import org.json.JSONException;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.io.IOException;
@ -37,7 +35,6 @@ public class BrokerController{
@ApiParam(value = "Include shared datasources", required = true , defaultValue = "false") String includeShared,
@RequestParam("includeByOthers")
@ApiParam(value = "Include datasources of other", required = true,defaultValue = "false") String includeByOthers) throws JSONException {
user = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return brokerService.getDatasourcesOfUser(user, includeShared, includeByOthers);
}
@ -78,7 +75,6 @@ public class BrokerController{
@ResponseBody
@PreAuthorize("hasRole('ROLE_USER')")
public Map<String, List<SimpleSubscriptionDesc>> getSimpleSubscriptionsOfUser(@PathVariable("userEmail") String userEmail) throws BrokerException{
userEmail = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return brokerService.getSimpleSubscriptionsOfUser(userEmail);
}
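Review bot: With the `OIDCAuthenticationToken` overwrite removed, `getSimpleSubscriptionsOfUser` passes the caller-supplied `userEmail` path variable straight to `brokerService` while its guard is still only `@PreAuthorize("hasRole('ROLE_USER')")`, so as far as this hunk shows any authenticated user can read another user's subscriptions by changing the path. The same overwrite is dropped in `getDatasourcesOfUser` here and in the DashboardController, MonitorController, RepositoryController and ValidatorController (`getStoredJobsNew`) hunks, whose annotations lie outside the visible lines and should be checked. The `reSubmitJobForValidation` hunk shows the pattern that keeps the binding to the logged-in user, adapted per parameter name: `@PreAuthorize("hasRole('ROLE_USER') and #userEmail == authentication.userInfo.email")`. The method bodies begin or end outside the hunks shown.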


@ -7,11 +7,9 @@ import eu.dnetlib.repo.manager.service.PiWikService;
import eu.dnetlib.repo.manager.service.RepositoryService;
import io.swagger.annotations.Api;
import org.json.JSONException;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.util.List;
@ -40,7 +38,6 @@ public class DashboardController {
public List<RepositorySummaryInfo> getRepositoriesSummaryInfo(@PathVariable("userEmail") String userEmail,
@PathVariable("page") String page,
@PathVariable("size") String size) throws JSONException {
userEmail = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return dashboardService.getRepositoriesSummaryInfo(userEmail, page, size);
}
@ -87,7 +84,6 @@ public class DashboardController {
public BrokerSummary getBrokerSummary(
@PathVariable("email") String email,
@PathVariable("ds_name") String datasourceName) throws BrokerException {
email = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return new BrokerSummary(brokerService.getSimpleSubscriptionsOfUser(email), brokerService.getTopicsForDatasource(datasourceName));
}


@ -8,11 +8,9 @@ import io.swagger.annotations.Api;
import io.swagger.annotations.ApiParam;
import org.apache.log4j.Logger;
import org.json.JSONException;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
@RestController
@ -39,7 +37,7 @@ public class MonitorController {
@RequestParam(value = "dateTo", required = false) @ApiParam(value = "Null value") String dateTo,
@RequestParam("validationStatus") @ApiParam(value = "Equals to filter validation jobs", required = false) String validationStatus,
@RequestParam("includeJobsTotal") @ApiParam(value = "Always true", required = true) String includeJobsTotal) throws JSONException, ValidatorServiceException {
user = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return monitorService.getJobsOfUser(user, jobType, offset, limit, dateFrom, dateTo, validationStatus, includeJobsTotal);
}
@ -49,7 +47,6 @@ public class MonitorController {
public int getJobsOfUserPerValidationStatus(@RequestBody String user,
@RequestBody String jobType,
@RequestBody String validationStatus) throws JSONException {
user = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return monitorService.getJobsOfUserPerValidationStatus(user, jobType, validationStatus);
}
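Review bot: `getJobsOfUserPerValidationStatus` declares three `@RequestBody String` parameters, and now that `user` is no longer replaced from the token its value comes from that binding; a request body can normally be consumed only once, so these parameters are unlikely to bind to three distinct values. Consider `@RequestParam` for each, or a single `@RequestBody` object carrying the three fields, and document which form callers must send. The method's mapping and security annotations are outside the hunk.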


@ -8,13 +8,11 @@ import eu.dnetlib.repo.manager.exception.ResourceNotFoundException;
import eu.dnetlib.repo.manager.service.RepositoryServiceImpl;
import io.swagger.annotations.Api;
import org.json.JSONException;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.io.IOException;
@ -51,7 +49,6 @@ public class RepositoryController {
public List<RepositorySnippet> getRepositoriesOfUser(@PathVariable("userEmail") String userEmail,
@PathVariable("page") String page,
@PathVariable("size") String size) throws JSONException, IOException {
userEmail = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return repositoryService.getRepositoriesSnippetOfUser(userEmail, page, size);
}
@ -175,7 +172,6 @@ public class RepositoryController {
public List<String> getUrlsOfUserRepos(@PathVariable("user_email") String userEmail,
@PathVariable("page") String page,
@PathVariable("size") String size) throws JSONException {
userEmail = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return repositoryService.getUrlsOfUserRepos(userEmail, page, size);
}


@ -12,12 +12,10 @@ import eu.dnetlib.repo.manager.service.ValidatorServiceImpl;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiParam;
import org.json.JSONException;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.util.List;
@ -47,10 +45,9 @@ public class ValidatorController {
consumes = MediaType.APPLICATION_JSON_VALUE,
produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
@PreAuthorize("hasRole('ROLE_USER')")
@PreAuthorize("hasRole('ROLE_USER') and #email == authentication.userInfo.email")
public ResponseEntity<Object> reSubmitJobForValidation(@PathVariable("email") String email,
@PathVariable("jobId") String jobId) throws JSONException, ValidatorServiceException {
email = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return validatorService.reSubmitJobForValidation(email, jobId);
}
@ -90,7 +87,6 @@ public class ValidatorController {
@RequestParam(value = "dateTo", required = false) @ApiParam(value = "Null value") String dateTo,
@RequestParam("validationStatus") @ApiParam(value = "Equals to filter validation jobs", required = true) String validationStatus
) throws ValidatorServiceException {
user = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
return validatorService.getStoredJobsNew(user, jobType, offset, limit, dateFrom, dateTo, validationStatus);
}


@ -3,8 +3,6 @@ package eu.dnetlib.repo.manager.domain;
import eu.dnetlib.domain.data.PiwikInfo;
import java.util.Date;
public class RepositorySnippet {
private String id;
@ -17,9 +15,6 @@ public class RepositorySnippet {
private String registrationdate;
private String logoUrl;
private String description;
private String fullTextDownload;
private String consentTermsOfUse;
private Date consentTermsOfUseDate;
private PiwikInfo piwikInfo;
@ -113,28 +108,4 @@ public class RepositorySnippet {
public void setDescription(String description) {
this.description = description;
}
public String getFullTextDownload() {
return fullTextDownload;
}
public void setFullTextDownload(String fullTextDownload) {
this.fullTextDownload = fullTextDownload;
}
public String getConsentTermsOfUse() {
return consentTermsOfUse;
}
public void setConsentTermsOfUse(String consentTermsOfUse) {
this.consentTermsOfUse = consentTermsOfUse;
}
public Date getConsentTermsOfUseDate() {
return consentTermsOfUseDate;
}
public void setConsentTermsOfUseDate(Date consentTermsOfUseDate) {
this.consentTermsOfUseDate = consentTermsOfUseDate;
}
}


@ -32,7 +32,6 @@ import java.util.Map;
@Service("piwikService")
public class PiWikServiceImpl implements PiWikService {
@Qualifier("repomanager.dataSource")
@Autowired
private DataSource dataSource;
@ -40,7 +39,6 @@ public class PiWikServiceImpl implements PiWikService {
@Value("${services.repomanager.analyticsURL}")
private String analyticsURL;
@Autowired
private RepositoryService repositoryService;


@ -8,7 +8,6 @@
<context:annotation-config/>
<context:component-scan base-package="eu.dnetlib.repo.manager.service.*"/>
<tx:annotation-driven transaction-manager="txManager"/>
<bean class="eu.dnetlib.repo.manager.config.CascadingPropertyLoader"
id="propertyLoader">
@ -40,28 +39,4 @@
</list>
</property>
</bean>
<bean id="repomanager.dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="${repomanager.db.driverClassName}" />
<property name="url" value="${repomanager.db.url}" />
<property name="username" value="${repomanager.db.username}" />
<property name="password" value="${repomanager.db.password}" />
<property name="maxIdle" value="10" />
<property name="maxActive" value="100" />
<property name="maxWait" value="10000" />
<property name="validationQuery" value="SELECT 1;" />
<property name="testOnBorrow" value="true" />
<property name="testOnReturn" value="true" />
<property name="testWhileIdle" value="true" />
<property name="timeBetweenEvictionRunsMillis" value="1200000" />
<property name="minEvictableIdleTimeMillis" value="1800000" />
<property name="numTestsPerEvictionRun" value="5" />
<property name="poolPreparedStatements" value="true" />
<property name="defaultAutoCommit" value="true" />
</bean>
<bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="repomanager.dataSource"/>
</bean>
</beans>


@ -1,157 +0,0 @@
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-4.1.xsd"
default-autowire="byType">
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="268435456"/>
</bean>
<!--<bean id="webexpressionHandler"
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>-->
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
<security:http auto-config="false" use-expressions="true"
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
pattern="/**">
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
<security:logout logout-url="/openid_logout" invalidate-session="true"
delete-cookies="openAIRESession" logout-success-url="${webapp.dev.front}"/>
</security:http>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
</security:authentication-manager>
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
<property name="authoritiesMapper">
<bean class="eu.dnetlib.repo.manager.config.OpenAireProviderAuthoritiesMapper">
<constructor-arg name="userRoles" ref="userRoles"/>
</bean>
</property>
</bean>
<util:map id="userRoles">
<entry key="urn:geant:openaire.eu:group:Super+Administrator#aai.openaire.eu" value="ROLE_ADMIN"/>
<entry key="urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator#aai.openaire.eu" value="ROLE_PROVIDE_ADMIN"/>
</util:map>
<bean class="eu.dnetlib.repo.manager.config.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect"
init-method="init">
<property name="frontEndURI" value="${webapp.dev.front}"/>
</bean>
<!--
-
- The authentication filter
-
-->
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="issuerService" ref="staticIssuerService" />
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
</bean>
<!--
Static issuer service, returns the same issuer for every request.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
<property name="issuer" value="${oidc.issuer}" />
</bean>
<!--
Dynamic server configuration, fetches the server's information using OIDC Discovery.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
<property name="servers">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
<property name="issuer" value="${oidc.issuer}" />
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
<property name="jwksUri" value="${oidc.issuer}jwk" />
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
</bean>
</entry>
</map>
</property>
</bean>
<!--
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
<property name="clients">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="${oidc.id}" />
<property name="clientSecret" value="${oidc.secret}" />
<property name="scope">
<set value-type="java.lang.String">
<value>openid</value>
</set>
</property>
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
<property name="redirectUris">
<set>
<value>${oidc.dev.home}</value>
</set>
</property>
</bean>
</entry>
</map>
</property>
</bean>
<!--
-
- Auth request options service: returns the optional components of the request
-
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
<property name="options">
<map>
<!-- Entries in this map are sent as key-value parameters to the auth request -->
<!--
<entry key="display" value="page" />
<entry key="max_age" value="30" />
<entry key="prompt" value="none" />
-->
</map>
</property>
</bean>
<!--
Plain authorization request builder, puts all options as query parameters on the GET request
-->
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
</beans>


@ -67,31 +67,6 @@
</property>
</bean>
<bean id="repomanager.dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="${repomanager.db.driverClassName}" />
<property name="url" value="${repomanager.db.url}" />
<property name="username" value="${repomanager.db.username}" />
<property name="password" value="${repomanager.db.password}" />
<property name="maxIdle" value="10" />
<property name="maxActive" value="100" />
<property name="maxWait" value="10000" />
<property name="validationQuery" value="SELECT 1;" />
<property name="testOnBorrow" value="true" />
<property name="testOnReturn" value="true" />
<property name="testWhileIdle" value="true" />
<property name="timeBetweenEvictionRunsMillis" value="1200000" />
<property name="minEvictableIdleTimeMillis" value="1800000" />
<property name="numTestsPerEvictionRun" value="5" />
<property name="poolPreparedStatements" value="true" />
<property name="defaultAutoCommit" value="true" />
</bean>
<tx:annotation-driven transaction-manager="txManager"/>
<bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="repomanager.dataSource"/>
</bean>
<mvc:resources mapping="swagger-ui.html" location="classpath:/META-INF/resources/"/>
<mvc:resources mapping="/webjars/**" location="classpath:/META-INF/resources/webjars/"/>
<bean class="eu.dnetlib.repo.manager.config.SwaggerConfig"/>


@ -1,87 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/aai-security.xml
</param-value>
</context-param>
<context-param>
<param-name>log4jRefreshInterval</param-name>
<param-value>1000</param-value>
</context-param>
<context-param>
<param-name>log4jExposeWebAppRoot</param-name>
<param-value>false</param-value>
</context-param>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<init-param>
<param-name>throwExceptionIfNoHandlerFound</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>contextAttribute</param-name>
<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
</init-param>
</filter>
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,accept,authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET, POST, PUT, DELETE, OPTIONS, HEAD</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSessionRepositoryFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSessionRepositoryFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>


@ -8,7 +8,6 @@
<context:annotation-config/>
<context:component-scan base-package="eu.dnetlib.repo.manager.service.*"/>
<tx:annotation-driven transaction-manager="txManager"/>
<bean class="eu.dnetlib.repo.manager.config.CascadingPropertyLoader"
id="propertyLoader">
@ -40,28 +39,4 @@
</list>
</property>
</bean>
<bean id="repomanager.dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="${repomanager.db.driverClassName}" />
<property name="url" value="${repomanager.db.url}" />
<property name="username" value="${repomanager.db.username}" />
<property name="password" value="${repomanager.db.password}" />
<property name="maxIdle" value="10" />
<property name="maxActive" value="100" />
<property name="maxWait" value="10000" />
<property name="validationQuery" value="SELECT 1;" />
<property name="testOnBorrow" value="true" />
<property name="testOnReturn" value="true" />
<property name="testWhileIdle" value="true" />
<property name="timeBetweenEvictionRunsMillis" value="1200000" />
<property name="minEvictableIdleTimeMillis" value="1800000" />
<property name="numTestsPerEvictionRun" value="5" />
<property name="poolPreparedStatements" value="true" />
<property name="defaultAutoCommit" value="true" />
</bean>
<bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="repomanager.dataSource"/>
</bean>
</beans>