1. use sub for session instead of email 2. minor refactoring
This commit is contained in:
parent
d8eac0ac10
commit
830df7cb52
|
@ -26,7 +26,7 @@ public class FrontEndLinkURIAuthenticationSuccessHandler implements Authenticati
|
|||
private static final Logger logger = LoggerFactory.getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class);
|
||||
|
||||
public void init() {
|
||||
logger.debug("Front end uri : " + frontEndURI);
|
||||
logger.debug("Front end uri : {}", frontEndURI);
|
||||
}
|
||||
|
||||
|
||||
|
@ -36,7 +36,7 @@ public class FrontEndLinkURIAuthenticationSuccessHandler implements Authenticati
|
|||
@Override
|
||||
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
|
||||
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
|
||||
request.getSession().setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, authOIDC.getUserInfo().getEmail());
|
||||
request.getSession().setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, authOIDC.getUserInfo().getSub());
|
||||
|
||||
Cookie accessToken = new Cookie("AccessToken", authOIDC.getAccessTokenValue());
|
||||
String regex = "^([A-Za-z0-9-_=]+)\\.([A-Za-z0-9-_=]+)\\.?([A-Za-z0-9-_.+=]*)$";
|
||||
|
|
|
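Review bot: The cast `OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;` just above the changed `setAttribute` line is unchecked, whereas the AuthoritiesUpdater hunks in this same commit guard the identical cast with `instanceof` and throw `UnauthorizedClientException` otherwise. A non-OIDC Authentication reaching this handler would surface as a ClassCastException instead of a controlled failure; `if (!(authentication instanceof OIDCAuthenticationToken)) { throw new ServletException("Authentication is not an OIDCAuthenticationToken"); }` ahead of the cast keeps the two classes consistent. Keying the principal index on `getSub()` is the right move, since an email can change or be reassigned, but every lookup against `PRINCIPAL_NAME_INDEX_NAME` elsewhere must now pass the sub as well. onAuthenticationSuccess continues past the hunk.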
@ -34,7 +34,7 @@ public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper {
|
|||
} else if (userInfo.getSource().getAsJsonArray("eduperson_entitlement") != null) {
|
||||
entitlements = userInfo.getSource().getAsJsonArray("eduperson_entitlement");
|
||||
}
|
||||
logger.debug("user info: " + userInfo + "\nentitlements: " + entitlements);
|
||||
logger.debug("user info: {}\nentitlements: {}", userInfo, entitlements);
|
||||
|
||||
// FIXME: delete this if statement when super administrators are set
|
||||
if (userInfo.getEmail() != null && userInfo.getEmail().equals(adminEmail)) {
|
||||
|
|
|
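Review bot: The rewritten debug line still writes the whole `userInfo` object to the log, which for an OIDC UserInfo means email, name and whatever further claims the provider returned; debug logs are rarely handled as personal data. The stable identifier is enough to correlate a request: `logger.debug("user sub: {}\nentitlements: {}", userInfo.getSub(), entitlements);`. The FIXME admin check on the last context line still compares `userInfo.getEmail()` with `adminEmail` while the rest of the commit moves the principal key to `sub`; if that bootstrap stays for a while it is presumably worth keying on the sub too. The enclosing method starts and ends outside the hunk.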
@ -52,7 +52,7 @@ public class RedisConfiguration {
|
|||
serializer.setCookieName("openAIRESession");
|
||||
serializer.setCookiePath("/");
|
||||
serializer.setDomainName(domain);
|
||||
logger.info("Serializer : " + serializer);
|
||||
logger.info("Cookie Serializer : {}", serializer);
|
||||
return serializer;
|
||||
}
|
||||
|
||||
|
|
|
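Review bot: `serializer.setDomainName(domain)` scopes the session cookie to every host under `domain`, yet the hunk shows neither `setUseSecureCookie(true)` nor a SameSite setting; the method begins outside the hunk, so this only applies if they are not set there. Presumably this is a Spring Session `DefaultCookieSerializer`, whose secure flag otherwise follows the incoming request's `isSecure()`, which is false behind a TLS-terminating proxy unless forwarded headers are honoured. `serializer.setUseSecureCookie(true);` and `serializer.setSameSite("Lax");` next to the domain line make the cookie's scope explicit.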
@ -96,7 +96,7 @@ public class UserRoleController {
|
|||
@RequestMapping(method = RequestMethod.GET, path = "/users/{email}/roles")
|
||||
@PreAuthorize("hasAnyAuthority('SUPER_ADMINISTRATOR', 'CONTENT_PROVIDER_DASHBOARD_ADMINISTRATOR') or hasAuthority('REGISTERED_USER') and authentication.userInfo.email==#email")
|
||||
public ResponseEntity<Collection<String>> getRolesByEmail(@PathVariable("email") String email) {
|
||||
return ResponseEntity.ok(authorizationService.getUserRoles(email));
|
||||
return ResponseEntity.ok(authorizationService.getUserRolesByEmail(email));
|
||||
}
|
||||
|
||||
|
||||
|
@ -106,4 +106,4 @@ public class UserRoleController {
|
|||
return ResponseEntity.ok(authorizationService.getUserRoles());
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
package eu.dnetlib.repo.manager.service;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonFactory;
|
||||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
|
||||
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
|
||||
import com.google.gson.JsonArray;
|
||||
import com.google.gson.JsonElement;
|
||||
import com.google.gson.JsonObject;
|
||||
|
@ -12,7 +8,6 @@ import eu.dnetlib.api.functionality.ValidatorServiceException;
|
|||
import eu.dnetlib.domain.enabling.Vocabulary;
|
||||
import eu.dnetlib.domain.functionality.validator.JobForValidation;
|
||||
import eu.dnetlib.repo.manager.domain.*;
|
||||
import eu.dnetlib.repo.manager.domain.broker.BrowseEntry;
|
||||
import eu.dnetlib.repo.manager.domain.dto.Role;
|
||||
import eu.dnetlib.repo.manager.domain.dto.User;
|
||||
import eu.dnetlib.repo.manager.exception.BrokerException;
|
||||
|
@ -331,8 +326,8 @@ public class RepositoryServiceImpl implements RepositoryService {
|
|||
|
||||
@Override
|
||||
public List<Repository> getRepositoriesOfUser(String page, String size) throws JSONException {
|
||||
String userEmail = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail();
|
||||
logger.debug("Retrieving repositories of authenticated user : " + userEmail);
|
||||
logger.debug("Retrieving repositories of authenticated user : {}",
|
||||
((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail());
|
||||
Collection<String> repoIds = roleMappingService.getRepoIdsByRoleIds(authorizationService.getUserRoles());
|
||||
return getRepositories(new ArrayList<>(repoIds));
|
||||
}
|
||||
|
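Review bot: `page` and `size` are never read in `getRepositoriesOfUser(String page, String size)`, whose body is fully visible here, nor in the `(String userEmail, String page, String size)` overload in the next hunk; both return every repository of the user, while the third hunk of this file derives `from`/`to` bounds from the same arguments. Either apply the same slice in these overloads or state in their Javadoc that paging is ignored, so callers do not assume a bounded result. Inlining the full `SecurityContextHolder` cast chain into the logger argument is a step back in readability from the removed `userEmail` local; a named local read once is clearer than a cast chain inside a log call.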
@ -340,7 +335,7 @@ public class RepositoryServiceImpl implements RepositoryService {
|
|||
@Override
|
||||
public List<Repository> getRepositoriesOfUser(String userEmail, String page, String size) throws JSONException {
|
||||
logger.debug("Retrieving repositories of authenticated user : " + userEmail);
|
||||
Collection<String> repoIds = roleMappingService.getRepoIdsByRoleIds(authorizationService.getUserRoles(userEmail));
|
||||
Collection<String> repoIds = roleMappingService.getRepoIdsByRoleIds(authorizationService.getUserRolesByEmail(userEmail));
|
||||
return getRepositories(new ArrayList<>(repoIds));
|
||||
}
|
||||
|
||||
|
@ -355,7 +350,7 @@ public class RepositoryServiceImpl implements RepositoryService {
|
|||
int to = from + Integer.parseInt(size);
|
||||
List<String> repoIds = new ArrayList<>();
|
||||
if (userEmail != null && !"".equals(userEmail)) {
|
||||
repoIds.addAll(roleMappingService.getRepoIdsByRoleIds(authorizationService.getUserRoles(userEmail)));
|
||||
repoIds.addAll(roleMappingService.getRepoIdsByRoleIds(authorizationService.getUserRolesByEmail(userEmail)));
|
||||
} else {
|
||||
repoIds.addAll(roleMappingService.getRepoIdsByRoleIds(authorizationService.getUserRoles()));
|
||||
}
|
||||
|
|
|
@ -64,7 +64,7 @@ public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository {
|
|||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (auth instanceof OIDCAuthenticationToken) {
|
||||
OIDCAuthenticationToken oidcAuth = (OIDCAuthenticationToken) auth;
|
||||
this.addRole(oidcAuth.getUserInfo().getEmail(), role);
|
||||
this.addRole(oidcAuth.getUserInfo().getSub(), role);
|
||||
} else {
|
||||
throw new UnauthorizedClientException("User auth is not instance of OIDCAuthenticationToken");
|
||||
}
|
||||
|
@ -82,7 +82,7 @@ public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository {
|
|||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (auth instanceof OIDCAuthenticationToken) {
|
||||
OIDCAuthenticationToken oidcAuth = (OIDCAuthenticationToken) auth;
|
||||
this.removeRole(oidcAuth.getUserInfo().getEmail(), role);
|
||||
this.removeRole(oidcAuth.getUserInfo().getSub(), role);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
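Review bot: `removeRole` silently does nothing when the Authentication is not an `OIDCAuthenticationToken`, while the `addRole` hunk above throws `UnauthorizedClientException` in the same situation, so an authority that should have been revoked stays in place without any signal. Mirroring the first hunk, `} else { throw new UnauthorizedClientException("User auth is not instance of OIDCAuthenticationToken"); }`, keeps revocation at least as strict as grant. Separately, both hunks now key the string-based `addRole`/`removeRole` on `getSub()`, but `AuthorizationServiceImpl.addAdmin`/`removeAdmin` in this same commit still call `authoritiesUpdater.addRole(email, ...)` and `removeRole(email, ...)`; if those overloads resolve live sessions through `PRINCIPAL_NAME_INDEX_NAME`, which the success handler now fills with the sub, the email-keyed calls find no session and the grant or revocation does not reach the logged-in user until re-login. The enclosing methods start outside their hunks.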
@ -38,22 +38,22 @@ public interface AuthorizationService {
|
|||
/**
|
||||
* Add a user as admin to a resource.
|
||||
*
|
||||
* @param id Resource id
|
||||
* @param email User email
|
||||
* @param resourceId Resource id
|
||||
* @param email User email
|
||||
* @return
|
||||
* @throws ResourceNotFoundException
|
||||
*/
|
||||
boolean addAdmin(String id, String email) throws ResourceNotFoundException;
|
||||
boolean addAdmin(String resourceId, String email) throws ResourceNotFoundException;
|
||||
|
||||
/**
|
||||
* Remove user from resource admins.
|
||||
*
|
||||
* @param id Resource id
|
||||
* @param email User email
|
||||
* @param resourceId Resource id
|
||||
* @param email User email
|
||||
* @return
|
||||
* @throws ResourceNotFoundException
|
||||
*/
|
||||
boolean removeAdmin(String id, String email) throws ResourceNotFoundException;
|
||||
boolean removeAdmin(String resourceId, String email) throws ResourceNotFoundException;
|
||||
|
||||
|
||||
/**
|
||||
|
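Review bot: The reworded Javadoc for `addAdmin` and `removeAdmin` still leaves `@return` and `@throws ResourceNotFoundException` empty, so the rename of `id` to `resourceId` does not tell a caller what a `false` result means or when the exception is raised. From the implementation hunks the methods return `true` once the registry role was assigned or removed and the live authorities updated; the `false`/throw branch lies outside the visible lines, so the exact wording has to come from there. A suggested form is `@return {@code true} if the role was assigned and the user's live authorities were updated` and `@throws ResourceNotFoundException if the resource or user cannot be resolved`, to be confirmed against the else branch. The `getUserRolesByEmail` Javadoc in the next hunk has the same empty `@param email` and `@return`.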
@ -69,6 +69,6 @@ public interface AuthorizationService {
|
|||
* @param email
|
||||
* @return
|
||||
*/
|
||||
Collection<String> getUserRoles(String email);
|
||||
Collection<String> getUserRolesByEmail(String email);
|
||||
|
||||
}
|
||||
|
|
|
@ -70,7 +70,6 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
|
||||
@Override
|
||||
public List<User> getAdminsOfRepo(String repoId) {
|
||||
List<String> userList = new ArrayList<>();
|
||||
|
||||
// find couId by role name
|
||||
String role = roleMappingService.getRoleIdByRepoId(repoId);
|
||||
|
@ -80,17 +79,17 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
|
||||
|
||||
@Override
|
||||
public boolean addAdmin(String id, String email) throws ResourceNotFoundException {
|
||||
public boolean addAdmin(String resourceId, String email) throws ResourceNotFoundException {
|
||||
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
|
||||
if (coPersonId != null) {
|
||||
String role = roleMappingService.getRoleIdByRepoId(id);
|
||||
String role = roleMappingService.getRoleIdByRepoId(resourceId);
|
||||
Integer couId = aaiRegistryService.getCouId(role);
|
||||
if (couId != null) {
|
||||
Integer roleId = aaiRegistryService.getRoleId(coPersonId, couId);
|
||||
aaiRegistryService.assignMemberRole(coPersonId, couId, roleId);
|
||||
|
||||
// Add role to user current authorities
|
||||
authoritiesUpdater.addRole(email, roleMappingService.convertRepoIdToAuthority(id));
|
||||
authoritiesUpdater.addRole(email, roleMappingService.convertRepoIdToAuthority(resourceId));
|
||||
|
||||
return true;
|
||||
} else {
|
||||
|
@ -102,10 +101,10 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
}
|
||||
|
||||
@Override
|
||||
public boolean removeAdmin(String id, String email) throws ResourceNotFoundException {
|
||||
public boolean removeAdmin(String resourceId, String email) throws ResourceNotFoundException {
|
||||
Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
|
||||
if (coPersonId != null) {
|
||||
String role = roleMappingService.getRoleIdByRepoId(id);
|
||||
String role = roleMappingService.getRoleIdByRepoId(resourceId);
|
||||
Integer couId = aaiRegistryService.getCouId(role);
|
||||
Integer roleId = null;
|
||||
if (couId != null) {
|
||||
|
@ -115,7 +114,7 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
aaiRegistryService.removeMemberRole(coPersonId, couId, roleId);
|
||||
|
||||
// Remove role from user current authorities
|
||||
authoritiesUpdater.removeRole(email, roleMappingService.convertRepoIdToAuthority(id));
|
||||
authoritiesUpdater.removeRole(email, roleMappingService.convertRepoIdToAuthority(resourceId));
|
||||
|
||||
return true;
|
||||
} else {
|
||||
|
@ -130,14 +129,16 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
public Collection<String> getUserRoles() {
|
||||
Collection<String> roles;
|
||||
UserInfo userInfo = ((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo();
|
||||
roles = getUserRoles(userInfo.getEmail());
|
||||
roles = getUserRolesByEmail(userInfo.getEmail());
|
||||
|
||||
logger.debug(String.format("User Roles: %s", String.join(",", roles)));
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("User Roles: {}", String.join(",", roles));
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<String> getUserRoles(String email) {
|
||||
public Collection<String> getUserRolesByEmail(String email) {
|
||||
int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);
|
||||
List<Integer> list = new ArrayList<>();
|
||||
for (JsonElement element : aaiRegistryService.getRolesWithStatus(coPersonId, AaiRegistryService.RoleStatus.ACTIVE)) {
|
||||
|
|
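Review bot: `int coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);` in the renamed `getUserRolesByEmail` unboxes a value that `addAdmin` and `removeAdmin` in the hunks above treat as nullable (`Integer coPersonId ... if (coPersonId != null)`), so an email unknown to the registry throws a NullPointerException here instead of yielding an empty role set. `Integer coPersonId = aaiRegistryService.getCoPersonIdByEmail(email);` followed by `if (coPersonId == null) { return new ArrayList<>(); }` makes the no-roles case explicit, which is the safer outcome for an authorization lookup. `getUserRoles()` also still resolves the caller by `userInfo.getEmail()` although the session is now keyed by `getSub()`; presumably the registry only knows the email, but a comment saying so would stop the next reader from "fixing" it. getUserRolesByEmail continues past the hunk.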