Finalized security, distinguish between internal and external users, etc

This commit is contained in:
Nikolaos Laskaris 2017-10-20 13:03:55 +03:00
parent 08a4abc9ff
commit 2364d10c0e
10 changed files with 97 additions and 23 deletions

View File

@ -9,7 +9,10 @@ public interface UserInfoDao extends Dao<UserInfo, UUID> {
public UserInfo getByIdAndMail(String identification, String email);
public UserInfo getByMail(String email);
public UserInfo getByAuthenticationId(String authentication);
public UserInfo getByUsername(String username);
}

View File

@ -50,4 +50,38 @@ public class UserInfoDaoImpl extends JpaDao<UserInfo, UUID> implements UserInfoD
}
@Override
public UserInfo getByMail(String email) {
String queryString = "FROM UserInfo userInfo where userInfo.email = :email";
TypedQuery<UserInfo> typedQuery = entityManager.createQuery(queryString, UserInfo.class);
typedQuery.setParameter("email", email);
try {
return typedQuery.getSingleResult();
}
catch(Exception ex) { //no need to distinguish between exceptions for the moment
return null;
}
}
@Override
public UserInfo getByUsername(String username) {
String queryString = "select ui from UserInfo ui join UserAuth ui.authentication ua where ua.username=:username";
TypedQuery<UserInfo> typedQuery = entityManager.createQuery(queryString, UserInfo.class);
typedQuery.setParameter("username", username);
try {
return typedQuery.getSingleResult();
}
catch(Exception ex) { //no need to distinguish between exceptions for the moment
return null;
}
}
}

View File

@ -241,6 +241,7 @@ public class DMPs {
dMPDao.delete(d);
return ResponseEntity.status(HttpStatus.CREATED).body("DELETED!");
} catch (Exception e) {
e.printStackTrace();
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("{\"msg\":\"Could not Delete DMP!\"");
}
@ -249,8 +250,6 @@ public class DMPs {
// OLD ONES, USED BY THE EMBEDDED (simple) UI OF THIS SERVICE
@RequestMapping(method = RequestMethod.POST, value = { "/setDMPByForm" }, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE, produces="text/plain")
public @ResponseBody ResponseEntity<Object> setDMPByForm(@RequestBody MultiValueMap<String,String> formData) {

View File

@ -4,6 +4,7 @@ import java.io.IOException;
import java.io.PrintStream;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.transaction.Transactional;
@ -45,6 +46,7 @@ import entities.Dataset;
import entities.DatasetProfile;
import entities.DatasetProfileRuleset;
import entities.DatasetProfileViewstyle;
import entities.Organisation;
import entities.Project;
import helpers.Transformers;
import responses.RestResponse;
@ -101,13 +103,25 @@ public class Datasets {
*/
@RequestMapping(method = RequestMethod.GET, value = { "/getAllDatasets" })
public @ResponseBody ResponseEntity<Object> getAllDatasets(){
try {
List<Dataset> allDatasets = datasetDao.getAll();
return ResponseEntity.status(HttpStatus.OK).body(new ObjectMapper().writeValueAsString(allDatasets));
//sorry for that, spring-jersey serialisation has issues when performed on tables, so -> custom
List<String> datasetsStrL = allDatasets.parallelStream().map((datasetObj) -> {
try {
return objectMapper.writeValueAsString(datasetObj);
} catch (JsonProcessingException e) {
return "";
}
}).collect(Collectors.toList());
return new ResponseEntity<Object>("["+String.join(",", datasetsStrL)+"]", HttpStatus.OK);
}
catch(Exception ex) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Serialization issue: "+ex.getMessage());
return new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR);
}
}

View File

@ -154,6 +154,7 @@ public class Projects {
projectDao.delete(p);
return ResponseEntity.status(HttpStatus.CREATED).body("{\"msg\":\"Deleted Project entity!\"}");
} catch (Exception e) {
e.printStackTrace();
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("{\"msg\":\"Could not Delete Project!\"}");
}

View File

@ -44,18 +44,14 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
else
throw new AuthenticationServiceException("The appropriate http headers have not been set. Please check!");
UserInfo userInfo;
try {
tokenValidator.validateToken(token);
userInfo = tokenValidator.validateToken(token);
} catch (NonValidTokenException e) {
System.out.println("Could not validate a user by his token! Reason: "+e.getMessage());
throw new AuthenticationServiceException("Token validation failed - Not a valid token");
}
//store to database if new
// UserInfo existingUserInfo = userInfoDao.getByKey(userInfo.getId(), userInfo.getEmail());
// if(existingUserInfo == null)
// userInfoDao.create(userInfo);
// if reached this point, authentication is ok, so return just an instance with whatever.
return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>());

View File

@ -3,8 +3,11 @@ package security.validators;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
@ -12,6 +15,7 @@ import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import dao.entities.UserInfoDao;
import entities.UserInfo;
import exceptions.NonValidTokenException;
@ -20,9 +24,12 @@ public class GoogleTokenValidator implements TokenValidator {
private static final JacksonFactory jacksonFactory = new JacksonFactory();
private static final HttpTransport transport = new NetHttpTransport();
@Autowired private UserInfoDao userInfoDao;
private static final List<String> clientIDs = Arrays.asList(
"1010962018903-glegmqudqtl1lub0150vacopbu06lgsg.apps.googleusercontent.com",
""
"1010962018903-glegmqudqtl1lub0150vacopbu06lgsg.apps.googleusercontent.com"
);
private GoogleIdTokenVerifier verifier = null;
@ -38,7 +45,7 @@ public class GoogleTokenValidator implements TokenValidator {
@Override
public void validateToken(String token) throws NonValidTokenException {
public UserInfo validateToken(String token) throws NonValidTokenException {
GoogleIdToken idToken = null;
try {
@ -57,14 +64,28 @@ public class GoogleTokenValidator implements TokenValidator {
if(idToken == null) {
throw new NonValidTokenException("Not a valid token");
}
// else {
// Payload payload = idToken.getPayload();
// UserInfo userInfo = new UserInfo(payload.getSubject(), payload.getEmail(),
// payload.getEmailVerified(), (String)payload.get("name"), (String)payload.get("picture"),
// (String)payload.get("locale"), (String)payload.get("family_name"), (String)payload.get("given_name"), "");
// System.out.println(userInfo.toString());
// return userInfo;
// }
Payload payload = idToken.getPayload();
UserInfo userInfo = userInfoDao.getByMail(payload.getEmail());
if(userInfo == null) { //means not existing in db, so create one
userInfo = new UserInfo();
userInfo.setName((String)payload.get("name"));
userInfo.setVerified_email(payload.getEmailVerified());
userInfo.setEmail(payload.getEmail());
userInfo.setCreated(new Date());
userInfo.setLastloggedin(new Date());
userInfo.setAuthorization_level(new Short("1"));
userInfo.setUsertype(new Short("1"));
userInfo = userInfoDao.create(userInfo);
}
else {
userInfo.setLastloggedin(new Date());
userInfo = userInfoDao.update(userInfo);
}
return userInfo;
}

View File

@ -2,18 +2,22 @@ package security.validators;
import org.springframework.beans.factory.annotation.Autowired;
import dao.entities.UserInfoDao;
import entities.UserInfo;
import exceptions.NonValidTokenException;
import security.TokenSessionManager;
public class NativeTokenValidator implements TokenValidator {
@Autowired private TokenSessionManager tokenSessionManager;
@Autowired private UserInfoDao userInfoDao;
@Override
public void validateToken(String token) throws NonValidTokenException {
public UserInfo validateToken(String token) throws NonValidTokenException {
String tokenUser = tokenSessionManager.getUser(token);
if(tokenUser==null || tokenUser.isEmpty())
throw new NonValidTokenException("Login session has expired! Need to login again!");
return userInfoDao.getByUsername(tokenUser);
}

View File

@ -1,9 +1,10 @@
package security.validators;
import entities.UserInfo;
import exceptions.NonValidTokenException;
public interface TokenValidator {
public void validateToken(String token) throws NonValidTokenException;
public UserInfo validateToken(String token) throws NonValidTokenException;
}

View File

@ -68,6 +68,7 @@
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml,/WEB-INF/spring-security.xml</param-value>
<!-- <param-value>/WEB-INF/applicationContext.xml</param-value> -->
</context-param>
<session-config>
<session-timeout>30</session-timeout>