Add Deposit Security

2023-10-26 18:04:55 +03:00 · 2023-10-26 18:04:55 +03:00 · d983e1e38e
parent aecac1995d
commit d983e1e38e
3 changed files with 69 additions and 11 deletions
--- a/dmp-backend/core/src/main/java/eu/eudat/configurations/DepositConfiguration.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/configurations/DepositConfiguration.java
@ -7,6 +7,14 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.web.reactive.function.client.WebClient;
 import java.util.ArrayList;
@ -27,8 +35,20 @@ public class DepositConfiguration {
    @Qualifier("depositClients")
    public List<RepositoryDeposit> depositClients() {
        List<RepositoryDeposit> clients = new ArrayList<>();
-        for (String url: properties.getUrls()) {
+        for (DepositProperties.DepositSource source: properties.getSources()) {
-            clients.add(new DepositRepository(WebClient.builder().baseUrl(url + "/api/deposit").build()));
+            ClientRegistration clientRegistration = ClientRegistration
                    .withRegistrationId(source.getClientId())
                    .clientId(source.getClientId())
                    .clientSecret(source.getClientSecret())
                    .scope(source.getScope())
                    .issuerUri(source.getIssuerUrl())
                    .authorizationGrantType(AuthorizationGrantType.JWT_BEARER)
                    .build();
            ReactiveClientRegistrationRepository clientRegistrationRepository = new InMemoryReactiveClientRegistrationRepository(clientRegistration);
            ReactiveOAuth2AuthorizedClientService clientService = new InMemoryReactiveOAuth2AuthorizedClientService(clientRegistrationRepository);
            AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager authorizedClientManager = new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(clientRegistrationRepository, clientService);
            ServerOAuth2AuthorizedClientExchangeFilterFunction oauth = new ServerOAuth2AuthorizedClientExchangeFilterFunction(authorizedClientManager);
            clients.add(new DepositRepository(WebClient.builder().baseUrl(source.getUrl() + "/api/deposit").filters(exchangeFilterFunctions -> exchangeFilterFunctions.add(oauth)).build()));
        }
        return clients;
    }
--- a/dmp-backend/core/src/main/java/eu/eudat/configurations/DepositProperties.java
+++ b/dmp-backend/core/src/main/java/eu/eudat/configurations/DepositProperties.java
@ -8,18 +8,52 @@ import java.util.List;
@ConfigurationProperties(prefix = "deposit")
 public class DepositProperties {
-    private List<String> urls;
+    private final List<DepositSource> sources;
    @ConstructorBinding
-    public DepositProperties(List<String> urls) {
+    public DepositProperties(List<DepositSource> sources) {
-        this.urls = urls;
+        this.sources = sources;
    }
-    public List<String> getUrls() {
+    public List<DepositSource> getSources() {
-        return urls;
+        return sources;
    }
-    public void setUrls(List<String> urls) {
+    public static class DepositSource {
-        this.urls = urls;
+
        private final String url;
        private final String issuerUrl;
        private final String clientId;
        private final String clientSecret;
        private final String scope;
        @ConstructorBinding
        public DepositSource(String url, String issuerUrl, String clientId, String clientSecret, String scope) {
            this.url = url;
            this.issuerUrl = issuerUrl;
            this.clientId = clientId;
            this.clientSecret = clientSecret;
            this.scope = scope;
        }
        public String getUrl() {
            return url;
        }
        public String getIssuerUrl() {
            return issuerUrl;
        }
        public String getClientId() {
            return clientId;
        }
        public String getClientSecret() {
            return clientSecret;
        }
        public String getScope() {
            return scope;
        }
    }
 }
--- a/dmp-backend/web/src/main/resources/config/deposit.yml
+++ b/dmp-backend/web/src/main/resources/config/deposit.yml
@ -1,3 +1,7 @@
 deposit:
-  urls:
+  sources:
-    - http://localhost:8080
+    - url: http://localhost:8082
      issuer-url: ${ZENODO_ISSUER_URI:IDP_APIKEY_ISSUER_URI}
      client-id: ${ZENODO_DEPOSIT_CLIENT_ID:}
      client-secret: ${ZENODO_DEPOSIT_CLIENT_SECRET:}
      scope: ${ZENODO_DEPOSIT_SCOPE:}