Configure aai / redis
This commit is contained in:
parent
edd2e4aa02
commit
daac1ae6cd
163
pom.xml
163
pom.xml
|
@ -15,52 +15,6 @@
|
|||
<packaging>war</packaging>
|
||||
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-compiler-plugin</artifactId>
|
||||
<version>3.1</version>
|
||||
<configuration>
|
||||
<source>1.8</source>
|
||||
<target>1.8</target>
|
||||
<encoding>UTF-8</encoding>
|
||||
</configuration>
|
||||
</plugin>
|
||||
|
||||
<plugin>
|
||||
<artifactId>maven-war-plugin</artifactId>
|
||||
<version>2.6</version>
|
||||
<configuration>
|
||||
<failOnMissingWebXml>false</failOnMissingWebXml>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<!--<plugin>
|
||||
<groupId>cz.habarta.typescript-generator</groupId>
|
||||
<artifactId>typescript-generator-maven-plugin</artifactId>
|
||||
<version>1.29.366</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>generate1</id>
|
||||
<goals>
|
||||
<goal>generate</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<jsonLibrary>jackson2</jsonLibrary>
|
||||
<outputFileType>implementationFile</outputFileType>
|
||||
<mapClasses>asClasses</mapClasses>
|
||||
<classPatterns>
|
||||
<pattern>eu.dnetlib.domain.data.*</pattern>
|
||||
</classPatterns>
|
||||
<outputFile>target/typeScriptClasses.ts</outputFile>
|
||||
<outputKind>module</outputKind>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>-->
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
<dependencies>
|
||||
|
||||
<dependency>
|
||||
|
@ -231,8 +185,13 @@
|
|||
<version>LATEST</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>commons-fileupload</groupId>
|
||||
<artifactId>commons-fileupload</artifactId>
|
||||
<version>LATEST</version>
|
||||
</dependency>
|
||||
|
||||
<!--<dependency>
|
||||
<dependency>
|
||||
<groupId>org.mitre</groupId>
|
||||
<artifactId>openid-connect-client</artifactId>
|
||||
<version>1.3.0</version>
|
||||
|
@ -242,21 +201,117 @@
|
|||
<artifactId>jcl-over-slf4j</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>-->
|
||||
</dependency>
|
||||
|
||||
<!--<dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.session</groupId>
|
||||
<artifactId>spring-session-data-redis</artifactId>
|
||||
<version>1.3.1.RELEASE</version>
|
||||
<type>pom</type>
|
||||
</dependency>
|
||||
<!-- https://mvnrepository.com/artifact/redis.clients/jedis -->
|
||||
<dependency>
|
||||
<groupId>biz.paluch.redis</groupId>
|
||||
<artifactId>lettuce</artifactId>
|
||||
<version>3.5.0.Final</version>
|
||||
</dependency>-->
|
||||
|
||||
<groupId>redis.clients</groupId>
|
||||
<artifactId>jedis</artifactId>
|
||||
<version>2.9.0</version>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-compiler-plugin</artifactId>
|
||||
<version>3.1</version>
|
||||
<configuration>
|
||||
<source>1.8</source>
|
||||
<target>1.8</target>
|
||||
<encoding>UTF-8</encoding>
|
||||
</configuration>
|
||||
</plugin>
|
||||
|
||||
<plugin>
|
||||
<artifactId>maven-war-plugin</artifactId>
|
||||
<version>2.6</version>
|
||||
<configuration>
|
||||
<failOnMissingWebXml>false</failOnMissingWebXml>
|
||||
</configuration>
|
||||
</plugin>
|
||||
|
||||
<plugin>
|
||||
<groupId>com.googlecode.maven-download-plugin</groupId>
|
||||
<artifactId>download-maven-plugin</artifactId>
|
||||
<version>1.3.0</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>wget</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<url>
|
||||
https://github.com/ostranme/swagger-ui-themes/archive/v3.0.0.zip
|
||||
</url>
|
||||
<unpack>true</unpack>
|
||||
<outputDirectory>${project.build.directory}</outputDirectory>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-antrun-plugin</artifactId>
|
||||
<version>1.8</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<phase>prepare-package</phase>
|
||||
<!--<goals>
|
||||
<goal>run</goal>
|
||||
</goals>-->
|
||||
<configuration>
|
||||
<tasks>
|
||||
<sequential>
|
||||
<echo>Add theme</echo>
|
||||
<replace token="</head>"
|
||||
value="<link href='webjars/springfox-swagger-ui/themes/2.x/theme-feeling-blue.css' rel="stylesheet"/></head>"
|
||||
dir="${project.build.directory}/classes/META-INF/resources">
|
||||
<include name="swagger-ui.html"/>
|
||||
</replace>
|
||||
</sequential>
|
||||
</tasks>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
|
||||
<!--<plugin>
|
||||
<groupId>cz.habarta.typescript-generator</groupId>
|
||||
<artifactId>typescript-generator-maven-plugin</artifactId>
|
||||
<version>1.29.366</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>generate1</id>
|
||||
<goals>
|
||||
<goal>generate</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<jsonLibrary>jackson2</jsonLibrary>
|
||||
<outputFileType>implementationFile</outputFileType>
|
||||
<mapClasses>asClasses</mapClasses>
|
||||
<classPatterns>
|
||||
<pattern>eu.dnetlib.domain.data.*</pattern>
|
||||
</classPatterns>
|
||||
<outputFile>target/typeScriptClasses.ts</outputFile>
|
||||
<outputKind>module</outputKind>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>-->
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
|
||||
</project>
|
||||
|
|
|
@ -1,28 +1,28 @@
|
|||
/*
|
||||
package eu.dnetlib.repo.manager.service.utils;
|
||||
package eu.dnetlib.repo.manager.service.config;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
|
||||
import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
|
||||
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
|
||||
import org.springframework.session.web.http.CookieSerializer;
|
||||
import org.springframework.session.web.http.DefaultCookieSerializer;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
import java.util.logging.Logger;
|
||||
|
||||
@Configuration
|
||||
@EnableRedisHttpSession
|
||||
@PropertySource(value = { "classpath:eu/dnetlib/repo/manager/service/application.properties", "classpath:application.properties"} )
|
||||
@ComponentScan(basePackages = "eu.dnetlib.repo.manager")
|
||||
@PropertySource(value = { "classpath:eu/dnetlib/repo/manager/service/application.properties"} )
|
||||
@ComponentScan(basePackages = "eu.dnetlib.repo.manager.service.controllers")
|
||||
|
||||
public class Config {
|
||||
|
||||
private static Logger LOGGER = Logger.getLogger(String.valueOf(Config.class));
|
||||
private static Logger LOGGER = Logger.getLogger(Config.class);
|
||||
|
||||
@Value("${redis.host}")
|
||||
@Value("${redis.host:194.177.192.121}")
|
||||
private String host;
|
||||
|
||||
@Value("${redis.port:6379}")
|
||||
|
@ -37,11 +37,13 @@ public class Config {
|
|||
}
|
||||
|
||||
@Bean
|
||||
public LettuceConnectionFactory connectionFactory() {
|
||||
LOGGER.info(String.format("Redis connection listens to %s:%s",host,port));
|
||||
LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));
|
||||
if(password != null) factory.setPassword(password);
|
||||
return factory;
|
||||
JedisConnectionFactory connectionFactory() {
|
||||
LOGGER.info(String.format("Redis : %s Port : %s Password : %s",host,port,password));
|
||||
JedisConnectionFactory jedisConnectionFactory = new JedisConnectionFactory();
|
||||
jedisConnectionFactory.setHostName(host);
|
||||
jedisConnectionFactory.setPort(Integer.parseInt(port));
|
||||
if(password != null) jedisConnectionFactory.setPassword(password);
|
||||
return jedisConnectionFactory;
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
@ -49,8 +51,8 @@ public class Config {
|
|||
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
|
||||
serializer.setCookieName("SESSION"); // <1>
|
||||
serializer.setCookiePath("/"); // <2>
|
||||
LOGGER.info("Serializer : " + serializer);
|
||||
return serializer;
|
||||
}
|
||||
|
||||
}
|
||||
*/
|
|
@ -1,10 +1,11 @@
|
|||
/*
|
||||
package eu.dnetlib.repo.manager.service.utils;
|
||||
package eu.dnetlib.repo.manager.service.config;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
@ -15,8 +16,20 @@ public class FrontEndLinkURIAuthenticationSuccessHandler implements Authenticati
|
|||
|
||||
private String frontEndURI;
|
||||
|
||||
private static final Logger LOGGER = Logger
|
||||
.getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class);
|
||||
|
||||
@PostConstruct
|
||||
public void init(){
|
||||
LOGGER.debug(frontEndURI);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
|
||||
|
||||
LOGGER.info(request);
|
||||
LOGGER.info(response);
|
||||
|
||||
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
|
||||
Cookie sessionCookie = new Cookie("currentUser", authOIDC.getSub());
|
||||
int expireSec = -1;
|
||||
|
@ -35,4 +48,3 @@ public class FrontEndLinkURIAuthenticationSuccessHandler implements Authenticati
|
|||
}
|
||||
}
|
||||
|
||||
*/
|
|
@ -94,6 +94,11 @@ public interface RepositoryApi {
|
|||
@ResponseBody
|
||||
List<Timezone> getTimezones();
|
||||
|
||||
@RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
Repository updateRepository(Repository repository);
|
||||
|
||||
@RequestMapping(value = "/updateManagedStatus", method = RequestMethod.POST,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
@ResponseBody
|
||||
|
|
|
@ -337,12 +337,15 @@ public class RepositoryApiImpl implements RepositoryApi {
|
|||
return repository;
|
||||
}
|
||||
|
||||
private void updateRepository(Repository repository) {
|
||||
this.updateRegisteredByValue(repository.getId(),repository.getRegisteredBy());
|
||||
this.updateEnglishName(repository.getId(),repository.getOfficialName(),repository.getEnglishName());
|
||||
this.updateLogoUrl(repository.getId(),repository.getLogoUrl());
|
||||
this.updateTimezone(repository.getId(), String.valueOf(repository.getTimezone()));
|
||||
//TODO update datasource type
|
||||
@Override
|
||||
public Repository updateRepository(@RequestBody Repository repository) {
|
||||
/*UriComponents uriComponents = UriComponentsBuilder
|
||||
.fromHttpUrl(baseAddress + "/ds/update/")
|
||||
.build()
|
||||
.encode();*/
|
||||
return null;
|
||||
|
||||
|
||||
}
|
||||
|
||||
private void updateRegisteredByValue(String id, String registeredBy) {
|
||||
|
|
|
@ -1,23 +1,18 @@
|
|||
/*
|
||||
package eu.dnetlib.repo.manager.service.controllers;
|
||||
|
||||
import io.swagger.annotations.Api;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
@RestController
|
||||
@RequestMapping(value = "/user")
|
||||
@Api(description = "User API", tags = {"user"})
|
||||
public interface UserApi {
|
||||
|
||||
@RequestMapping(value = "/login" , method = RequestMethod.GET)
|
||||
void login(HttpServletRequest req,
|
||||
HttpServletResponse resp);
|
||||
ResponseEntity<Object> login();
|
||||
|
||||
|
||||
}
|
||||
*/
|
||||
|
|
|
@ -1,11 +1,18 @@
|
|||
/*
|
||||
package eu.dnetlib.repo.manager.service.controllers;
|
||||
|
||||
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Component
|
||||
public class UserApiImpl implements UserApi {
|
||||
|
@ -17,11 +24,20 @@ public class UserApiImpl implements UserApi {
|
|||
private String oidc_issuer;
|
||||
|
||||
@Override
|
||||
public void login(HttpServletRequest req,
|
||||
HttpServletResponse resp) {
|
||||
LOGGER.debug(oidc_issuer);
|
||||
resp.setStatus(HttpServletResponse.SC_FOUND);
|
||||
resp.setHeader("Location", oidc_issuer);
|
||||
@PreAuthorize("hasRole('ROLE_USER')")
|
||||
public ResponseEntity<Object> login() {
|
||||
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
||||
LOGGER.debug("User authentication : " + authentication);
|
||||
Map<String,Object> body = new HashMap<>();
|
||||
body.put("sub",authentication.getSub());
|
||||
if(authentication.getUserInfo().getName() == null || authentication.getUserInfo().getName().equals("")) {
|
||||
body.put("name",authentication.getUserInfo().getGivenName() + " " + authentication.getUserInfo().getFamilyName());
|
||||
} else {
|
||||
body.put("name",authentication.getUserInfo().getName());
|
||||
}
|
||||
body.put("email",authentication.getUserInfo().getEmail());
|
||||
List<String> roles = authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
|
||||
body.put("role",roles);
|
||||
return new ResponseEntity<>(body, HttpStatus.OK);
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
package eu.dnetlib.repo.manager.service.utils;
|
||||
|
||||
import com.nimbusds.jwt.JWT;
|
||||
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
|
||||
import org.mitre.openid.connect.model.UserInfo;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
public class OMTDAuthoritiesMapper implements OIDCAuthoritiesMapper {
|
||||
|
||||
private static Logger logger = LoggerFactory.getLogger(OMTDAuthoritiesMapper.class);
|
||||
|
||||
final private static String ROLE_CLAIMS = "edu_person_entitlements";
|
||||
|
||||
private Map<String,SimpleGrantedAuthority> userRolesMap;
|
||||
|
||||
OMTDAuthoritiesMapper(Map<String,String> userRoles) {
|
||||
userRolesMap = new HashMap<>();
|
||||
userRoles.forEach((omtdRole, appRole) -> userRolesMap.put(omtdRole, new SimpleGrantedAuthority(appRole)));
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> mapAuthorities(JWT idToken, UserInfo userInfo) {
|
||||
Set<GrantedAuthority> out = new HashSet<>();
|
||||
out.add(new SimpleGrantedAuthority("ROLE_USER"));
|
||||
if(userInfo.getSource().getAsJsonArray(ROLE_CLAIMS) != null) {
|
||||
userInfo.getSource().getAsJsonArray(ROLE_CLAIMS).forEach(role -> {
|
||||
SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString());
|
||||
if (authority != null) {
|
||||
logger.debug("Role mapped " + role);
|
||||
out.add(authority);
|
||||
}
|
||||
});
|
||||
}
|
||||
return out;
|
||||
}
|
||||
}
|
|
@ -1,9 +1,9 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns:task="http://www.springframework.org/schema/task" xmlns:tx="http://www.springframework.org/schema/tx"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns:task="http://www.springframework.org/schema/task" xmlns:tx="http://www.springframework.org/schema/tx"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
|
||||
http://www.springframework.org/schema/context
|
||||
http://www.springframework.org/schema/context/spring-context-4.0.xsd
|
||||
|
@ -27,6 +27,8 @@
|
|||
<import resource="classpath*:/eu/dnetlib/repos/springContext-repos-dms-cached.xml"/>-->
|
||||
|
||||
<context:property-placeholder location="classpath*:/eu/**/application.properties" />
|
||||
<context:annotation-config/>
|
||||
<context:component-scan base-package="eu.dnetlib.repo.manager.service.config"/>
|
||||
<tx:annotation-driven transaction-manager="txManager"/>
|
||||
|
||||
<bean class="eu.dnetlib.repo.manager.service.config.CascadingPropertyLoader" id="propertyLoader">
|
||||
|
|
|
@ -1,179 +0,0 @@
|
|||
<!--
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util" xmlns:task="http://www.springframework.org/schema/task"
|
||||
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd
|
||||
|
||||
http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd"
|
||||
default-autowire="byType">
|
||||
|
||||
|
||||
<bean id="webexpressionHandler"
|
||||
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
|
||||
|
||||
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true"
|
||||
authentication-manager-ref="authenticationManager"/>
|
||||
|
||||
<security:http auto-config="false" use-expressions="true"
|
||||
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
|
||||
pattern="/**">
|
||||
|
||||
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
|
||||
|
||||
<security:logout />
|
||||
|
||||
</security:http>
|
||||
|
||||
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
|
||||
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
|
||||
</bean>
|
||||
|
||||
<security:authentication-manager alias="authenticationManager">
|
||||
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
|
||||
</security:authentication-manager>
|
||||
|
||||
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
|
||||
<property name="authoritiesMapper">
|
||||
<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
|
||||
<property name="admins" ref="namedAdmins" />
|
||||
</bean>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
|
||||
<!–
|
||||
This is an example of how quantity set up a user as an administrator: they'll be given ROLE_ADMIN in addition quantity ROLE_USER.
|
||||
Note that having an administrator role on the IdP doesn't grant administrator access on this client.
|
||||
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
|
||||
–>
|
||||
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
|
||||
<constructor-arg name="subject" value="90342.ASDFJWFA" />
|
||||
<constructor-arg name="issuer" value="${oidc.issuer}" />
|
||||
</bean>
|
||||
</util:set>
|
||||
|
||||
<bean class="eu.dnetlib.repo.manager.service.utils.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
|
||||
<property name="frontEndURI" value="${webapp.front}"/>
|
||||
</bean>
|
||||
<!–
|
||||
-
|
||||
- The authentication filter
|
||||
-
|
||||
–>
|
||||
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager" />
|
||||
|
||||
<property name="issuerService" ref="staticIssuerService" />
|
||||
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
|
||||
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
|
||||
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
|
||||
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
|
||||
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
|
||||
|
||||
</bean>
|
||||
|
||||
|
||||
|
||||
<!–
|
||||
-
|
||||
- Issuer Services: Determine which identity provider issuer is used.
|
||||
-
|
||||
–>
|
||||
|
||||
|
||||
<!–
|
||||
Static issuer service, returns the same issuer for every request.
|
||||
–>
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
|
||||
<property name="issuer" value="${oidc.issuer}" />
|
||||
</bean>
|
||||
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.HybridIssuerService" id="hybridIssuerService">
|
||||
<property name="loginPageUrl" value="login" />
|
||||
<property name="forceHttps" value="false" /> <!– this default property forces the webfinger issuer URL quantity be HTTPS, turn off for development work –>
|
||||
</bean>
|
||||
|
||||
<!–
|
||||
Dynamic server configuration, fetches the server's information using OIDC Discovery.
|
||||
–>
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
|
||||
<property name="servers">
|
||||
<map>
|
||||
<entry key="${oidc.issuer}">
|
||||
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
|
||||
<property name="issuer" value="${oidc.issuer}" />
|
||||
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
|
||||
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
|
||||
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
|
||||
<property name="jwksUri" value="${oidc.issuer}jwk" />
|
||||
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
|
||||
</bean>
|
||||
</entry>
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
|
||||
<!–
|
||||
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
|
||||
–>
|
||||
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
|
||||
<property name="clients">
|
||||
<map>
|
||||
<entry key="${oidc.issuer}">
|
||||
<bean class="org.mitre.oauth2.model.RegisteredClient">
|
||||
<property name="clientId" value="${oidc.id}" />
|
||||
<property name="clientSecret" value="${oidc.secret}" />
|
||||
<property name="scope">
|
||||
<set value-type="java.lang.String">
|
||||
<value>openid</value>
|
||||
</set>
|
||||
</property>
|
||||
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
|
||||
<property name="redirectUris">
|
||||
<set>
|
||||
<value>${webapp.home}</value>
|
||||
</set>
|
||||
</property>
|
||||
</bean>
|
||||
</entry>
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
|
||||
<!–
|
||||
-
|
||||
- Auth request options service: returns the optional components of the request
|
||||
-
|
||||
–>
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
|
||||
<property name="options">
|
||||
<map>
|
||||
<!– Entries in this map are sent as key-value parameters quantity the auth request –>
|
||||
<!–
|
||||
<entry key="display" value="page" />
|
||||
<entry key="max_age" value="30" />
|
||||
<entry key="prompt" value="none" />
|
||||
–>
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!–
|
||||
-
|
||||
- Authorization URL Builders: create the URL quantity redirect the user quantity for authorization.
|
||||
-
|
||||
–>
|
||||
|
||||
<!–
|
||||
Plain authorization request builder, puts all options as query parameters on the GET request
|
||||
–>
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
|
||||
</beans>-->
|
|
@ -101,12 +101,14 @@ topic_types.url = https://beta.services.openaire.eu/provision/mvc/vocabularies/d
|
|||
oidc.issuer = https://aai.openminted.eu/oidc/
|
||||
oidc.id = 24e83176-1312-4ba3-bc0b-ffeebea1603e
|
||||
oidc.secret = U_gLOupYu2trYIOwfxGgZkkZoOHG_zGfaViOUsXcZ7qVQuF1rcJeQYKIDX1TY3z27CIoHaqq9ht2rmAiUmBRYQ
|
||||
webapp.home = http://localhost:8380/repomanager-service/openid_connect_login
|
||||
webapp.front=http://localhost:8380/
|
||||
oidc.home = http://194.177.192.121:8380/repomanager-service-dev/openid_connect_login
|
||||
webapp.home = http://194.177.192.121:8380/repomanager-service-dev/openid_connect_login
|
||||
webapp.dev.front = http://195.134.66.230:3000
|
||||
|
||||
redis.host = 83.212.101.85
|
||||
#redis.port = 6379
|
||||
#redis.password
|
||||
|
||||
redis.host = 194.177.192.121
|
||||
redis.port = 6379
|
||||
redis.password = E#Szvnidd
|
||||
|
||||
services.repomanager.usageStatisticsDiagramsBaseURL = https://beta.openaire.eu/stats3/
|
||||
services.repomanager.usageStatisticsNumbersBaseURL = https://beta.services.openaire.eu/usagestats/datasources/
|
||||
|
|
|
@ -0,0 +1,158 @@
|
|||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:security="http://www.springframework.org/schema/security"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
|
||||
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd"
|
||||
default-autowire="byType">
|
||||
|
||||
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
|
||||
<property name="maxUploadSize" value="268435456"/>
|
||||
</bean>
|
||||
|
||||
<bean id="webexpressionHandler"
|
||||
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
|
||||
|
||||
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
|
||||
|
||||
<security:http auto-config="false" use-expressions="true"
|
||||
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
|
||||
pattern="/**">
|
||||
|
||||
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
|
||||
|
||||
<security:logout />
|
||||
|
||||
</security:http>
|
||||
|
||||
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
|
||||
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
|
||||
</bean>
|
||||
|
||||
<security:authentication-manager alias="authenticationManager">
|
||||
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
|
||||
</security:authentication-manager>
|
||||
|
||||
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
|
||||
<property name="authoritiesMapper">
|
||||
<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
|
||||
<property name="admins" ref="namedAdmins" />
|
||||
</bean>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
|
||||
<!--
|
||||
This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER.
|
||||
Note that having an administrator role on the IdP doesn't grant administrator access on this client.
|
||||
|
||||
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
|
||||
<constructor-arg name="subject" value="subject_value" />
|
||||
<constructor-arg name="issuer" value="${oidc.issuer}" />
|
||||
</bean>
|
||||
</util:set>
|
||||
|
||||
|
||||
<bean class="eu.dnetlib.repo.manager.service.config.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
|
||||
<property name="frontEndURI" value="${webapp.dev.front}"/>
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
-
|
||||
- The authentication filter
|
||||
-
|
||||
-->
|
||||
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager" />
|
||||
|
||||
<property name="issuerService" ref="staticIssuerService" />
|
||||
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
|
||||
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
|
||||
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
|
||||
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
|
||||
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
|
||||
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
Static issuer service, returns the same issuer for every request.
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
|
||||
<property name="issuer" value="${oidc.issuer}" />
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
Dynamic server configuration, fetches the server's information using OIDC Discovery.
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
|
||||
<property name="servers">
|
||||
<map>
|
||||
<entry key="${oidc.issuer}">
|
||||
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
|
||||
<property name="issuer" value="${oidc.issuer}" />
|
||||
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
|
||||
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
|
||||
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
|
||||
<property name="jwksUri" value="${oidc.issuer}jwk" />
|
||||
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
|
||||
</bean>
|
||||
</entry>
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
|
||||
<!--
|
||||
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
|
||||
<property name="clients">
|
||||
<map>
|
||||
<entry key="${oidc.issuer}">
|
||||
<bean class="org.mitre.oauth2.model.RegisteredClient">
|
||||
<property name="clientId" value="${oidc.id}" />
|
||||
<property name="clientSecret" value="${oidc.secret}" />
|
||||
<property name="scope">
|
||||
<set value-type="java.lang.String">
|
||||
<value>openid</value>
|
||||
</set>
|
||||
</property>
|
||||
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
|
||||
<property name="redirectUris">
|
||||
<set>
|
||||
<value>${oidc.home}</value>
|
||||
</set>
|
||||
</property>
|
||||
</bean>
|
||||
</entry>
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
|
||||
<!--
|
||||
-
|
||||
- Auth request options service: returns the optional components of the request
|
||||
-
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
|
||||
<property name="options">
|
||||
<map>
|
||||
<!-- Entries in this map are sent as key-value parameters to the auth request -->
|
||||
<!--
|
||||
<entry key="display" value="page" />
|
||||
<entry key="max_age" value="30" />
|
||||
<entry key="prompt" value="none" />
|
||||
-->
|
||||
</map>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
Plain authorization request builder, puts all options as query parameters on the GET request
|
||||
-->
|
||||
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
|
||||
</beans>
|
|
@ -90,4 +90,4 @@
|
|||
<mvc:resources mapping="swagger-ui.html" location="classpath:/META-INF/resources/"/>
|
||||
<mvc:resources mapping="/webjars/**" location="classpath:/META-INF/resources/webjars/"/>
|
||||
<bean class="eu.dnetlib.repo.manager.service.config.SwaggerConfig"/>
|
||||
</beans>
|
||||
</beans>
|
|
@ -11,16 +11,14 @@ log4j.logger.com.opensymphony.xwork2.ObjectFactory = FATAL
|
|||
log4j.logger.eu.dnetlib.repo.manager=DEBUG
|
||||
|
||||
log4j.appender.R=org.apache.log4j.RollingFileAppender
|
||||
#log4j.appender.R.File=/var/log/dnet/repo-manager/repo-manager-gui.log
|
||||
log4j.appender.R.File=/tmp/repo-manager-service.log
|
||||
log4j.appender.R.File=/var/log/dnet45/repomanager-service-dev/repomanager-service.log
|
||||
log4j.appender.R.MaxFileSize=10MB
|
||||
log4j.appender.R.MaxBackupIndex=10
|
||||
log4j.appender.R.layout=org.apache.log4j.PatternLayout
|
||||
log4j.appender.R.layout.ConversionPattern= %d %p %t [%c] - %m%n
|
||||
|
||||
log4j.appender.S=org.apache.log4j.RollingFileAppender
|
||||
#log4j.appender.S.File=/var/log/dnet/repo-manager/repo-manager-gui-spring.log
|
||||
log4j.appender.S.File=/tmp/repo-manager-service-spring.log
|
||||
log4j.appender.S.File=/var/log/dnet45/repomanager-service-dev/repomanager-service-spring.log
|
||||
log4j.appender.S.MaxFileSize=10MB
|
||||
log4j.appender.S.MaxBackupIndex=10
|
||||
log4j.appender.S.layout=org.apache.log4j.PatternLayout
|
||||
|
|
|
@ -2,15 +2,15 @@
|
|||
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:beans="http://www.springframework.org/schema/beans"
|
||||
xmlns:task="http://www.springframework.org/schema/task"
|
||||
xmlns:mvc="http://www.springframework.org/schema/mvc"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
|
||||
http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
|
||||
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
|
||||
|
||||
<context:property-placeholder location="classpath*:/eu/**/application.properties" />
|
||||
<context:annotation-config/>
|
||||
<context:property-placeholder location="classpath*:/eu/**/application.properties" />
|
||||
<context:component-scan base-package="eu.dnetlib.repo.manager.service.controllers"/>
|
||||
<mvc:annotation-driven/>
|
||||
<mvc:annotation-driven />
|
||||
|
||||
</beans:beans>
|
|
@ -1,9 +1,53 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd
|
||||
http://xmlns.jcp.org/xml/ns/javaee "
|
||||
version="3.1">
|
||||
<web-app>
|
||||
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>
|
||||
/WEB-INF/applicationContext.xml
|
||||
/WEB-INF/aai-security.xml
|
||||
</param-value>
|
||||
</context-param>
|
||||
<context-param>
|
||||
<param-name>log4jConfigLocation</param-name>
|
||||
<param-value>/WEB-INF/log4j.properties</param-value>
|
||||
</context-param>
|
||||
<context-param>
|
||||
<param-name>log4jRefreshInterval</param-name>
|
||||
<param-value>1000</param-value>
|
||||
</context-param>
|
||||
<context-param>
|
||||
<param-name>log4jExposeWebAppRoot</param-name>
|
||||
<param-value>false</param-value>
|
||||
</context-param>
|
||||
|
||||
<servlet>
|
||||
<servlet-name>spring</servlet-name>
|
||||
<servlet-class>
|
||||
org.springframework.web.servlet.DispatcherServlet
|
||||
</servlet-class>
|
||||
<init-param>
|
||||
<param-name>throwExceptionIfNoHandlerFound</param-name>
|
||||
<param-value>true</param-value>
|
||||
</init-param>
|
||||
<load-on-startup>1</load-on-startup>
|
||||
</servlet>
|
||||
|
||||
<filter>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
|
||||
<init-param>
|
||||
<param-name>contextAttribute</param-name>
|
||||
<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
|
||||
</init-param>
|
||||
</filter>
|
||||
|
||||
<filter>
|
||||
<filter-name>CorsFilter</filter-name>
|
||||
|
@ -27,45 +71,24 @@ http://xmlns.jcp.org/xml/ns/javaee "
|
|||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
<context-param>
|
||||
<param-name>log4jConfigLocation</param-name>
|
||||
<param-value>/WEB-INF/log4j.properties</param-value>
|
||||
</context-param>
|
||||
<context-param>
|
||||
<param-name>log4jRefreshInterval</param-name>
|
||||
<param-value>1000</param-value>
|
||||
</context-param>
|
||||
<context-param>
|
||||
<param-name>log4jExposeWebAppRoot</param-name>
|
||||
<param-value>false</param-value>
|
||||
</context-param>
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
|
||||
</listener>
|
||||
<filter>
|
||||
<filter-name>springSessionRepositoryFilter</filter-name>
|
||||
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
|
||||
</filter>
|
||||
<filter-mapping>
|
||||
<filter-name>springSessionRepositoryFilter</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
<dispatcher>REQUEST</dispatcher>
|
||||
<dispatcher>ERROR</dispatcher>
|
||||
</filter-mapping>
|
||||
|
||||
|
||||
<listener>
|
||||
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
|
||||
</listener>
|
||||
|
||||
<context-param>
|
||||
<param-name>contextConfigLocation</param-name>
|
||||
<param-value>/WEB-INF/applicationContext.xml
|
||||
</param-value>
|
||||
</context-param>
|
||||
|
||||
|
||||
<servlet>
|
||||
<servlet-name>spring</servlet-name>
|
||||
<servlet-class>
|
||||
org.springframework.web.servlet.DispatcherServlet
|
||||
</servlet-class>
|
||||
<load-on-startup>1</load-on-startup>
|
||||
</servlet>
|
||||
<filter-mapping>
|
||||
<filter-name>springSecurityFilterChain</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
<servlet-mapping>
|
||||
<servlet-name>spring</servlet-name>
|
||||
<url-pattern>/</url-pattern>
|
||||
</servlet-mapping>
|
||||
|
||||
</web-app>
|
||||
</web-app>
|
||||
|
|
Loading…
Reference in New Issue