Add Deposit Security

2023-10-26 18:04:55 +03:00 · 2023-10-26 18:04:55 +03:00 · d983e1e38e
parent aecac1995d
commit d983e1e38e
3 changed files with 69 additions and 11 deletions
--- a/dmp-backend/core/src/main/java/eu/eudat/configurations/DepositConfiguration.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/configurations/DepositConfiguration.java
@ -7,6 +7,14 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
+import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
+import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.web.reactive.function.client.WebClient;

 import java.util.ArrayList;
@ -27,8 +35,20 @@ public class DepositConfiguration {
    @Qualifier("depositClients")
    public List<RepositoryDeposit> depositClients() {
        List<RepositoryDeposit> clients = new ArrayList<>();
-        for (String url: properties.getUrls()) {
-            clients.add(new DepositRepository(WebClient.builder().baseUrl(url + "/api/deposit").build()));
+        for (DepositProperties.DepositSource source: properties.getSources()) {
+            ClientRegistration clientRegistration = ClientRegistration
+                    .withRegistrationId(source.getClientId())
+                    .clientId(source.getClientId())
+                    .clientSecret(source.getClientSecret())
+                    .scope(source.getScope())
+                    .issuerUri(source.getIssuerUrl())
+                    .authorizationGrantType(AuthorizationGrantType.JWT_BEARER)
+                    .build();
+            ReactiveClientRegistrationRepository clientRegistrationRepository = new InMemoryReactiveClientRegistrationRepository(clientRegistration);
+            ReactiveOAuth2AuthorizedClientService clientService = new InMemoryReactiveOAuth2AuthorizedClientService(clientRegistrationRepository);
+            AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, clientService);
+            ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
+            clients.add(new DepositRepository(WebClient.builder().baseUrl(source.getUrl() + "/api/deposit").filters(exchangeFilterFunctions -> exchangeFilterFunctions.add(oauth)).build()));
        }
        return clients;
    }
--- a/dmp-backend/core/src/main/java/eu/eudat/configurations/DepositProperties.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/configurations/DepositProperties.java
@ -8,18 +8,52 @@ import java.util.List;
@ConfigurationProperties(prefix = "deposit")
 public class DepositProperties {

-    private List<String> urls;
+    private final List<DepositSource> sources;

    @ConstructorBinding
-    public DepositProperties(List<String> urls) {
-        this.urls = urls;
+    public DepositProperties(List<DepositSource> sources) {
+        this.sources = sources;
    }

-    public List<String> getUrls() {
-        return urls;
+    public List<DepositSource> getSources() {
+        return sources;
    }

-    public void setUrls(List<String> urls) {
-        this.urls = urls;
+    public static class DepositSource {
+
+        private final String url;
+        private final String issuerUrl;
+        private final String clientId;
+        private final String clientSecret;
+        private final String scope;
+
+        @ConstructorBinding
+        public DepositSource(String url, String issuerUrl, String clientId, String clientSecret, String scope) {
+            this.url = url;
+            this.issuerUrl = issuerUrl;
+            this.clientId = clientId;
+            this.clientSecret = clientSecret;
+            this.scope = scope;
+        }
+
+        public String getUrl() {
+            return url;
+        }
+
+        public String getIssuerUrl() {
+            return issuerUrl;
+        }
+
+        public String getClientId() {
+            return clientId;
+        }
+
+        public String getClientSecret() {
+            return clientSecret;
+        }
+
+        public String getScope() {
+            return scope;
+        }
    }
 }
--- a/dmp-backend/web/src/main/resources/config/deposit.yml
+++ b/dmp-backend/web/src/main/resources/config/deposit.yml
@ -1,3 +1,7 @@
 deposit:
-  urls:
-    - http://localhost:8080
+  sources:
+    - url: http://localhost:8082
+      issuer-url: ${ZENODO_ISSUER_URI:IDP_APIKEY_ISSUER_URI}
+      client-id: ${ZENODO_DEPOSIT_CLIENT_ID:}
+      client-secret: ${ZENODO_DEPOSIT_CLIENT_SECRET:}
+      scope: ${ZENODO_DEPOSIT_SCOPE:}