MaDgIK
/
uoa-repository-manager-service
13
2
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Configure aai / redis

This commit is contained in:
Panagiotis Kanakakis 2018-03-14 14:47:14 +00:00
parent edd2e4aa02
commit daac1ae6cd
16 changed files with 464 additions and 331 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

163
pom.xml
View File

@ -15,52 +15,6 @@
<packaging>war</packaging>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
<configuration>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
<!--<plugin>
<groupId>cz.habarta.typescript-generator</groupId>
<artifactId>typescript-generator-maven-plugin</artifactId>
<version>1.29.366</version>
<executions>
<execution>
<id>generate1</id>
<goals>
<goal>generate</goal>
</goals>
<configuration>
<jsonLibrary>jackson2</jsonLibrary>
<outputFileType>implementationFile</outputFileType>
<mapClasses>asClasses</mapClasses>
<classPatterns>
<pattern>eu.dnetlib.domain.data.*</pattern>
</classPatterns>
<outputFile>target/typeScriptClasses.ts</outputFile>
<outputKind>module</outputKind>
</configuration>
</execution>
</executions>
</plugin>-->
</plugins>
</build>
<dependencies>
<dependency>
@ -231,8 +185,13 @@
<version>LATEST</version>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>LATEST</version>
</dependency>
<!--<dependency>
<dependency>
<groupId>org.mitre</groupId>
<artifactId>openid-connect-client</artifactId>
<version>1.3.0</version>
@ -242,21 +201,117 @@
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>-->
</dependency>
<!--<dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
<version>1.3.1.RELEASE</version>
<type>pom</type>
</dependency>
<!-- https://mvnrepository.com/artifact/redis.clients/jedis -->
<dependency>
<groupId>biz.paluch.redis</groupId>
<artifactId>lettuce</artifactId>
<version>3.5.0.Final</version>
</dependency>-->
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<version>2.9.0</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
<configuration>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
<plugin>
<groupId>com.googlecode.maven-download-plugin</groupId>
<artifactId>download-maven-plugin</artifactId>
<version>1.3.0</version>
<executions>
<execution>
<phase>process-resources</phase>
<goals>
<goal>wget</goal>
</goals>
<configuration>
<url>
https://github.com/ostranme/swagger-ui-themes/archive/v3.0.0.zip
</url>
<unpack>true</unpack>
<outputDirectory>${project.build.directory}</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
<version>1.8</version>
<executions>
<execution>
<phase>prepare-package</phase>
<!--<goals>
<goal>run</goal>
</goals>-->
<configuration>
<tasks>
<sequential>
<echo>Add theme</echo>
<replace token="&lt;/head&gt;"
value="&lt;link href='webjars/springfox-swagger-ui/themes/2.x/theme-feeling-blue.css' rel=&quot;stylesheet&quot;/&gt;&lt;/head&gt;"
dir="${project.build.directory}/classes/META-INF/resources">
<include name="swagger-ui.html"/>
</replace>
</sequential>
</tasks>
</configuration>
</execution>
</executions>
</plugin>
<!--<plugin>
<groupId>cz.habarta.typescript-generator</groupId>
<artifactId>typescript-generator-maven-plugin</artifactId>
<version>1.29.366</version>
<executions>
<execution>
<id>generate1</id>
<goals>
<goal>generate</goal>
</goals>
<configuration>
<jsonLibrary>jackson2</jsonLibrary>
<outputFileType>implementationFile</outputFileType>
<mapClasses>asClasses</mapClasses>
<classPatterns>
<pattern>eu.dnetlib.domain.data.*</pattern>
</classPatterns>
<outputFile>target/typeScriptClasses.ts</outputFile>
<outputKind>module</outputKind>
</configuration>
</execution>
</executions>
</plugin>-->
</plugins>
</build>
</project>

30
src/main/java/eu/dnetlib/repo/manager/service/utils/Config.java → src/main/java/eu/dnetlib/repo/manager/service/config/Config.java
View File

@ -1,28 +1,28 @@
/*
package eu.dnetlib.repo.manager.service.utils;
package eu.dnetlib.repo.manager.service.config;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;
import javax.annotation.PostConstruct;
import java.util.logging.Logger;
@Configuration
@EnableRedisHttpSession
@PropertySource(value = { "classpath:eu/dnetlib/repo/manager/service/application.properties", "classpath:application.properties"} )
@ComponentScan(basePackages = "eu.dnetlib.repo.manager")
@PropertySource(value = { "classpath:eu/dnetlib/repo/manager/service/application.properties"} )
@ComponentScan(basePackages = "eu.dnetlib.repo.manager.service.controllers")
public class Config {
private static Logger LOGGER = Logger.getLogger(String.valueOf(Config.class));
private static Logger LOGGER = Logger.getLogger(Config.class);
@Value("${redis.host}")
@Value("${redis.host:194.177.192.121}")
private String host;
@Value("${redis.port:6379}")
@ -37,11 +37,13 @@ public class Config {
}
@Bean
public LettuceConnectionFactory connectionFactory() {
LOGGER.info(String.format("Redis connection listens to %s:%s",host,port));
LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));
if(password != null) factory.setPassword(password);
return factory;
JedisConnectionFactory connectionFactory() {
LOGGER.info(String.format("Redis : %s Port : %s Password : %s",host,port,password));
JedisConnectionFactory jedisConnectionFactory = new JedisConnectionFactory();
jedisConnectionFactory.setHostName(host);
jedisConnectionFactory.setPort(Integer.parseInt(port));
if(password != null) jedisConnectionFactory.setPassword(password);
return jedisConnectionFactory;
}
@Bean
@ -49,8 +51,8 @@ public class Config {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setCookieName("SESSION"); // <1>
serializer.setCookiePath("/"); // <2>
LOGGER.info("Serializer : " + serializer);
return serializer;
}
}
*/

18
src/main/java/eu/dnetlib/repo/manager/service/utils/FrontEndLinkURIAuthenticationSuccessHandler.java → src/main/java/eu/dnetlib/repo/manager/service/config/FrontEndLinkURIAuthenticationSuccessHandler.java
View File

@ -1,10 +1,11 @@
/*
package eu.dnetlib.repo.manager.service.utils;
package eu.dnetlib.repo.manager.service.config;
import org.apache.log4j.Logger;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import javax.annotation.PostConstruct;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
@ -15,8 +16,20 @@ public class FrontEndLinkURIAuthenticationSuccessHandler implements Authenticati
private String frontEndURI;
private static final Logger LOGGER = Logger
.getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class);
@PostConstruct
public void init(){
LOGGER.debug(frontEndURI);
}
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
LOGGER.info(request);
LOGGER.info(response);
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
Cookie sessionCookie = new Cookie("currentUser", authOIDC.getSub());
int expireSec = -1;
@ -35,4 +48,3 @@ public class FrontEndLinkURIAuthenticationSuccessHandler implements Authenticati
}
}
*/

5
src/main/java/eu/dnetlib/repo/manager/service/controllers/RepositoryApi.java
View File

@ -94,6 +94,11 @@ public interface RepositoryApi {
@ResponseBody
List<Timezone> getTimezones();
@RequestMapping(value = "/updateRepository", method = RequestMethod.POST,
produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
Repository updateRepository(Repository repository);
@RequestMapping(value = "/updateManagedStatus", method = RequestMethod.POST,
produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody

15
src/main/java/eu/dnetlib/repo/manager/service/controllers/RepositoryApiImpl.java
View File

@ -337,12 +337,15 @@ public class RepositoryApiImpl implements RepositoryApi {
return repository;
}
private void updateRepository(Repository repository) {
this.updateRegisteredByValue(repository.getId(),repository.getRegisteredBy());
this.updateEnglishName(repository.getId(),repository.getOfficialName(),repository.getEnglishName());
this.updateLogoUrl(repository.getId(),repository.getLogoUrl());
this.updateTimezone(repository.getId(), String.valueOf(repository.getTimezone()));
//TODO update datasource type
@Override
public Repository updateRepository(@RequestBody Repository repository) {
/*UriComponents uriComponents = UriComponentsBuilder
.fromHttpUrl(baseAddress + "/ds/update/")
.build()
.encode();*/
return null;
}
private void updateRegisteredByValue(String id, String registeredBy) {

9
src/main/java/eu/dnetlib/repo/manager/service/controllers/UserApi.java
View File

@ -1,23 +1,18 @@
/*
package eu.dnetlib.repo.manager.service.controllers;
import io.swagger.annotations.Api;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@RestController
@RequestMapping(value = "/user")
@Api(description = "User API", tags = {"user"})
public interface UserApi {
@RequestMapping(value = "/login" , method = RequestMethod.GET)
void login(HttpServletRequest req,
HttpServletResponse resp);
ResponseEntity<Object> login();
}
*/

34
src/main/java/eu/dnetlib/repo/manager/service/controllers/UserApiImpl.java
View File

@ -1,11 +1,18 @@
/*
package eu.dnetlib.repo.manager.service.controllers;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
@Component
public class UserApiImpl implements UserApi {
@ -17,11 +24,20 @@ public class UserApiImpl implements UserApi {
private String oidc_issuer;
@Override
public void login(HttpServletRequest req,
HttpServletResponse resp) {
LOGGER.debug(oidc_issuer);
resp.setStatus(HttpServletResponse.SC_FOUND);
resp.setHeader("Location", oidc_issuer);
@PreAuthorize("hasRole('ROLE_USER')")
public ResponseEntity<Object> login() {
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
LOGGER.debug("User authentication : " + authentication);
Map<String,Object> body = new HashMap<>();
body.put("sub",authentication.getSub());
if(authentication.getUserInfo().getName() == null || authentication.getUserInfo().getName().equals("")) {
body.put("name",authentication.getUserInfo().getGivenName() + " " + authentication.getUserInfo().getFamilyName());
} else {
body.put("name",authentication.getUserInfo().getName());
}
body.put("email",authentication.getUserInfo().getEmail());
List<String> roles = authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
body.put("role",roles);
return new ResponseEntity<>(body, HttpStatus.OK);
}
}
*/

41
src/main/java/eu/dnetlib/repo/manager/service/utils/OMTDAuthoritiesMapper.java Normal file
View File

@ -0,0 +1,41 @@
package eu.dnetlib.repo.manager.service.utils;
import com.nimbusds.jwt.JWT;
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.model.UserInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import java.util.*;
public class OMTDAuthoritiesMapper implements OIDCAuthoritiesMapper {
private static Logger logger = LoggerFactory.getLogger(OMTDAuthoritiesMapper.class);
final private static String ROLE_CLAIMS = "edu_person_entitlements";
private Map<String,SimpleGrantedAuthority> userRolesMap;
OMTDAuthoritiesMapper(Map<String,String> userRoles) {
userRolesMap = new HashMap<>();
userRoles.forEach((omtdRole, appRole) -> userRolesMap.put(omtdRole, new SimpleGrantedAuthority(appRole)));
}
@Override
public Collection<? extends GrantedAuthority> mapAuthorities(JWT idToken, UserInfo userInfo) {
Set<GrantedAuthority> out = new HashSet<>();
out.add(new SimpleGrantedAuthority("ROLE_USER"));
if(userInfo.getSource().getAsJsonArray(ROLE_CLAIMS) != null) {
userInfo.getSource().getAsJsonArray(ROLE_CLAIMS).forEach(role -> {
SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString());
if (authority != null) {
logger.debug("Role mapped " + role);
out.add(authority);
}
});
}
return out;
}
}

10
src/main/resources/application-context.xml
View File

@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:task="http://www.springframework.org/schema/task" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:task="http://www.springframework.org/schema/task" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
@ -27,6 +27,8 @@
<import resource="classpath*:/eu/dnetlib/repos/springContext-repos-dms-cached.xml"/>-->
<context:property-placeholder location="classpath*:/eu/**/application.properties" />
<context:annotation-config/>
<context:component-scan base-package="eu.dnetlib.repo.manager.service.config"/>
<tx:annotation-driven transaction-manager="txManager"/>
<bean class="eu.dnetlib.repo.manager.service.config.CascadingPropertyLoader" id="propertyLoader">

179
src/main/resources/eu/dnetlib/repo/manager/service/aai-security.xml
View File

@ -1,179 +0,0 @@
<!--
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util" xmlns:task="http://www.springframework.org/schema/task"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd
http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd"
default-autowire="byType">
<bean id="webexpressionHandler"
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true"
authentication-manager-ref="authenticationManager"/>
<security:http auto-config="false" use-expressions="true"
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
pattern="/**">
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
<security:logout />
</security:http>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
</security:authentication-manager>
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
<property name="authoritiesMapper">
<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
<property name="admins" ref="namedAdmins" />
</bean>
</property>
</bean>
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
&lt;!&ndash;
This is an example of how quantity set up a user as an administrator: they'll be given ROLE_ADMIN in addition quantity ROLE_USER.
Note that having an administrator role on the IdP doesn't grant administrator access on this client.
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
&ndash;&gt;
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
<constructor-arg name="subject" value="90342.ASDFJWFA" />
<constructor-arg name="issuer" value="${oidc.issuer}" />
</bean>
</util:set>
<bean class="eu.dnetlib.repo.manager.service.utils.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
<property name="frontEndURI" value="${webapp.front}"/>
</bean>
&lt;!&ndash;
-
- The authentication filter
-
&ndash;&gt;
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="issuerService" ref="staticIssuerService" />
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
</bean>
&lt;!&ndash;
-
- Issuer Services: Determine which identity provider issuer is used.
-
&ndash;&gt;
&lt;!&ndash;
Static issuer service, returns the same issuer for every request.
&ndash;&gt;
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
<property name="issuer" value="${oidc.issuer}" />
</bean>
<bean class="org.mitre.openid.connect.client.service.impl.HybridIssuerService" id="hybridIssuerService">
<property name="loginPageUrl" value="login" />
<property name="forceHttps" value="false" /> &lt;!&ndash; this default property forces the webfinger issuer URL quantity be HTTPS, turn off for development work &ndash;&gt;
</bean>
&lt;!&ndash;
Dynamic server configuration, fetches the server's information using OIDC Discovery.
&ndash;&gt;
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
<property name="servers">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
<property name="issuer" value="${oidc.issuer}" />
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
<property name="jwksUri" value="${oidc.issuer}jwk" />
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
</bean>
</entry>
</map>
</property>
</bean>
&lt;!&ndash;
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
&ndash;&gt;
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
<property name="clients">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="${oidc.id}" />
<property name="clientSecret" value="${oidc.secret}" />
<property name="scope">
<set value-type="java.lang.String">
<value>openid</value>
</set>
</property>
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
<property name="redirectUris">
<set>
<value>${webapp.home}</value>
</set>
</property>
</bean>
</entry>
</map>
</property>
</bean>
&lt;!&ndash;
-
- Auth request options service: returns the optional components of the request
-
&ndash;&gt;
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
<property name="options">
<map>
&lt;!&ndash; Entries in this map are sent as key-value parameters quantity the auth request &ndash;&gt;
&lt;!&ndash;
<entry key="display" value="page" />
<entry key="max_age" value="30" />
<entry key="prompt" value="none" />
&ndash;&gt;
</map>
</property>
</bean>
&lt;!&ndash;
-
- Authorization URL Builders: create the URL quantity redirect the user quantity for authorization.
-
&ndash;&gt;
&lt;!&ndash;
Plain authorization request builder, puts all options as query parameters on the GET request
&ndash;&gt;
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
</beans>-->

12
src/main/resources/eu/dnetlib/repo/manager/service/application.properties
View File

@ -101,12 +101,14 @@ topic_types.url = https://beta.services.openaire.eu/provision/mvc/vocabularies/d
oidc.issuer = https://aai.openminted.eu/oidc/
oidc.id = 24e83176-1312-4ba3-bc0b-ffeebea1603e
oidc.secret = U_gLOupYu2trYIOwfxGgZkkZoOHG_zGfaViOUsXcZ7qVQuF1rcJeQYKIDX1TY3z27CIoHaqq9ht2rmAiUmBRYQ
webapp.home = http://localhost:8380/repomanager-service/openid_connect_login
webapp.front=http://localhost:8380/
oidc.home = http://194.177.192.121:8380/repomanager-service-dev/openid_connect_login
webapp.home = http://194.177.192.121:8380/repomanager-service-dev/openid_connect_login
webapp.dev.front = http://195.134.66.230:3000
redis.host = 83.212.101.85
#redis.port = 6379
#redis.password
redis.host = 194.177.192.121
redis.port = 6379
redis.password = E#Szvnidd
services.repomanager.usageStatisticsDiagramsBaseURL = https://beta.openaire.eu/stats3/
services.repomanager.usageStatisticsNumbersBaseURL = https://beta.services.openaire.eu/usagestats/datasources/

158
src/main/webapp/WEB-INF/aai-security.xml Normal file
View File

@ -0,0 +1,158 @@
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd"
default-autowire="byType">
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="268435456"/>
</bean>
<bean id="webexpressionHandler"
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
<security:http auto-config="false" use-expressions="true"
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
pattern="/**">
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
<security:logout />
</security:http>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
<constructor-arg type="java.lang.String" value="/openid_connect_login"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="openIdConnectAuthenticationProvider" />
</security:authentication-manager>
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
<property name="authoritiesMapper">
<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
<property name="admins" ref="namedAdmins" />
</bean>
</property>
</bean>
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
<!--
This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER.
Note that having an administrator role on the IdP doesn't grant administrator access on this client.
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
-->
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
<constructor-arg name="subject" value="subject_value" />
<constructor-arg name="issuer" value="${oidc.issuer}" />
</bean>
</util:set>
<bean class="eu.dnetlib.repo.manager.service.config.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
<property name="frontEndURI" value="${webapp.dev.front}"/>
</bean>
<!--
-
- The authentication filter
-
-->
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="issuerService" ref="staticIssuerService" />
<property name="serverConfigurationService" ref="staticServerConfigurationService" />
<property name="clientConfigurationService" ref="staticClientConfigurationService" />
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
</bean>
<!--
Static issuer service, returns the same issuer for every request.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
<property name="issuer" value="${oidc.issuer}" />
</bean>
<!--
Dynamic server configuration, fetches the server's information using OIDC Discovery.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
<property name="servers">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.openid.connect.config.ServerConfiguration">
<property name="issuer" value="${oidc.issuer}" />
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" />
<property name="tokenEndpointUri" value="${oidc.issuer}token" />
<property name="userInfoUri" value="${oidc.issuer}userinfo" />
<property name="jwksUri" value="${oidc.issuer}jwk" />
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
</bean>
</entry>
</map>
</property>
</bean>
<!--
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
<property name="clients">
<map>
<entry key="${oidc.issuer}">
<bean class="org.mitre.oauth2.model.RegisteredClient">
<property name="clientId" value="${oidc.id}" />
<property name="clientSecret" value="${oidc.secret}" />
<property name="scope">
<set value-type="java.lang.String">
<value>openid</value>
</set>
</property>
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
<property name="redirectUris">
<set>
<value>${oidc.home}</value>
</set>
</property>
</bean>
</entry>
</map>
</property>
</bean>
<!--
-
- Auth request options service: returns the optional components of the request
-
-->
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
<property name="options">
<map>
<!-- Entries in this map are sent as key-value parameters to the auth request -->
<!--
<entry key="display" value="page" />
<entry key="max_age" value="30" />
<entry key="prompt" value="none" />
-->
</map>
</property>
</bean>
<!--
Plain authorization request builder, puts all options as query parameters on the GET request
-->
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
</beans>

2
src/main/webapp/WEB-INF/applicationContext.xml
View File

@ -90,4 +90,4 @@
<mvc:resources mapping="swagger-ui.html" location="classpath:/META-INF/resources/"/>
<mvc:resources mapping="/webjars/**" location="classpath:/META-INF/resources/webjars/"/>
<bean class="eu.dnetlib.repo.manager.service.config.SwaggerConfig"/>
</beans>
</beans>

6
src/main/webapp/WEB-INF/log4j.properties
View File

@ -11,16 +11,14 @@ log4j.logger.com.opensymphony.xwork2.ObjectFactory = FATAL
log4j.logger.eu.dnetlib.repo.manager=DEBUG
log4j.appender.R=org.apache.log4j.RollingFileAppender
#log4j.appender.R.File=/var/log/dnet/repo-manager/repo-manager-gui.log
log4j.appender.R.File=/tmp/repo-manager-service.log
log4j.appender.R.File=/var/log/dnet45/repomanager-service-dev/repomanager-service.log
log4j.appender.R.MaxFileSize=10MB
log4j.appender.R.MaxBackupIndex=10
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern= %d %p %t [%c] - %m%n
log4j.appender.S=org.apache.log4j.RollingFileAppender
#log4j.appender.S.File=/var/log/dnet/repo-manager/repo-manager-gui-spring.log
log4j.appender.S.File=/tmp/repo-manager-service-spring.log
log4j.appender.S.File=/var/log/dnet45/repomanager-service-dev/repomanager-service-spring.log
log4j.appender.S.MaxFileSize=10MB
log4j.appender.S.MaxBackupIndex=10
log4j.appender.S.layout=org.apache.log4j.PatternLayout

8
src/main/webapp/WEB-INF/spring-servlet.xml
View File

@ -2,15 +2,15 @@
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<context:property-placeholder location="classpath*:/eu/**/application.properties" />
<context:annotation-config/>
<context:property-placeholder location="classpath*:/eu/**/application.properties" />
<context:component-scan base-package="eu.dnetlib.repo.manager.service.controllers"/>
<mvc:annotation-driven/>
<mvc:annotation-driven />
</beans:beans>

105
src/main/webapp/WEB-INF/web.xml
View File

@ -1,9 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd
http://xmlns.jcp.org/xml/ns/javaee "
version="3.1">
<web-app>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/aai-security.xml
</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/log4j.properties</param-value>
</context-param>
<context-param>
<param-name>log4jRefreshInterval</param-name>
<param-value>1000</param-value>
</context-param>
<context-param>
<param-name>log4jExposeWebAppRoot</param-name>
<param-value>false</param-value>
</context-param>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<init-param>
<param-name>throwExceptionIfNoHandlerFound</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>contextAttribute</param-name>
<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
</init-param>
</filter>
<filter>
<filter-name>CorsFilter</filter-name>
@ -27,45 +71,24 @@ http://xmlns.jcp.org/xml/ns/javaee "
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/log4j.properties</param-value>
</context-param>
<context-param>
<param-name>log4jRefreshInterval</param-name>
<param-value>1000</param-value>
</context-param>
<context-param>
<param-name>log4jExposeWebAppRoot</param-name>
<param-value>false</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<filter>
<filter-name>springSessionRepositoryFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSessionRepositoryFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml
</param-value>
</context-param>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
</web-app>