Beta version

Mauro Mugnaini 2020-05-29 13:03:07 +02:00
parent 3d8c926ccc
commit 0edbd88e8f
15 changed files with 102 additions and 59 deletions


@ -13,9 +13,9 @@
</classpathentry>
<classpathentry kind="src" output="target/test-classes" path="src/test/java">
<attributes>
<attribute name="test" value="true"/>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
<attribute name="test" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
@ -24,18 +24,16 @@
<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
<attribute name="test" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
<attributes>
<attribute name="test" value="true"/>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry combineaccessrules="false" kind="src" path="/oidc-library"/>
<classpathentry combineaccessrules="false" kind="src" path="/oidc-library-portal"/>
<classpathentry kind="output" path="target/classes"/>
</classpath>

1
.gitignore vendored

@ -1,2 +1 @@
target
bin/*


@ -3,8 +3,6 @@
<name>oidc-enrollment-hook</name>
<comment></comment>
<projects>
<project>oidc-library</project>
<project>oidc-library-portal</project>
</projects>
<buildSpec>
<buildCommand>


@ -1,2 +0,0 @@
eclipse.preferences.version=1
org.eclipse.m2e.wtp.enabledProjectSpecificPrefs=false


@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
<wb-module deploy-name="oidc-enrollment-hook">
<wb-module deploy-name="oidc-portal-enrollment-hook">
<wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
<property name="java-output-path" value="/target/classes"/>
<property name="context-root" value="oidc-enrollment-hook"/>
<property name="component.exclusion.patterns" value="WEB-INF/lib/oidc-library*.jar"/>
<property name="java-output-path" value="/oidc-portal-enrollment/target/classes"/>
<property name="context-root" value="oidc-portal-enrollment"/>
<property name="component.exclusion.patterns" value="WEB-INF/lib/*.jar"/>
</wb-module>
</project-modules>


@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<faceted-project>
<fixed facet="wst.jsdt.web"/>
<installed facet="liferay.hook" version="6.0"/>
<installed facet="wst.jsdt.web" version="1.0"/>
<installed facet="liferay.hook" version="6.0"/>
<installed facet="java" version="1.8"/>
<installed facet="jst.web" version="2.5"/>
<installed facet="jst.jaxrs" version="2.1"/>

29
pom.xml

@ -74,6 +74,12 @@
<artifactId>oidc-library</artifactId>
<version>[0.1.0,)</version>
<scope>compile</scope>
<exclusions>
<exclusion>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.liferay.portal</groupId>
@ -104,12 +110,9 @@
<version>${liferay.maven.plugin.version}</version>
<configuration>
<autoDeployDir>${liferay.auto.deploy.dir}</autoDeployDir>
<appServerDeployDir>${liferay.app.server.deploy.dir}
</appServerDeployDir>
<appServerLibGlobalDir>${liferay.app.server.lib.global.dir}
</appServerLibGlobalDir>
<appServerPortalDir>${liferay.app.server.portal.dir}
</appServerPortalDir>
<appServerDeployDir>${liferay.app.server.deploy.dir}</appServerDeployDir>
<appServerLibGlobalDir>${liferay.app.server.lib.global.dir}</appServerLibGlobalDir>
<appServerPortalDir>${liferay.app.server.portal.dir}</appServerPortalDir>
<liferayVersion>${liferay.version}</liferayVersion>
<pluginType>hook</pluginType>
</configuration>
@ -123,11 +126,19 @@
</configuration>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<artifactId>maven-resources-plugin</artifactId>
<version>2.5</version>
<configuration>
<packagingExcludes>WEB-INF/lib/oidc-library*.jar</packagingExcludes>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>2.5</version>
<configuration>
<packagingExcludes>WEB-INF/lib/*.jar</packagingExcludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
</project>
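Review bot: `<packagingExcludes>WEB-INF/lib/*.jar</packagingExcludes>` in the last hunk now strips every dependency jar from the WAR, including `oidc-library`, which is still declared with `<scope>compile</scope>` and the open-ended range `[0.1.0,)`. The classes used at runtime, including the Bouncy Castle provider excluded in the first hunk, are then whatever the application server's classpath provides rather than what this build resolved. If that is the intent, declaring those dependencies as `provided` and pinning `oidc-library` to a fixed version would state the expectation in the POM and keep the build reproducible. A short comment above the war-plugin configuration naming where the jars are expected to be installed would also help whoever deploys this.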


@ -29,12 +29,14 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
@Override
public String[] doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
JWTToken token = JWTToken.fromString((String) request.getAttribute(JWTToken.OIDC_TOKEN_ATTRIBUTE));
if (token == null) {
return null;
if (log.isTraceEnabled() && request.getSession(false) != null) {
log.trace("Session details: id=" + request.getSession(false).getId() + ", instance="
+ request.getSession(false));
}
if (log.isTraceEnabled()) {
log.trace("Token's access token part is: " + token.getAccessTokenString());
JWTToken token = JWTTokenUtil.getOIDCFromRequest(request);
if (token == null) {
log.error("OIDC token is null, Can0t perform auto login");
return null;
}
LiferayOpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
long companyId = PortalUtil.getCompanyId(request);
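Review bot: The added trace statement at the top of doLogin writes the raw HTTP session id to the log (`"Session details: id=" + request.getSession(false).getId()`), and a session id works as a bearer credential for as long as the session lives. The same pattern appears in the new trace lines of PostLoginAction, SessionCreateAction and SessionDestroyAction. Log a non-reversible correlation value instead, such as a truncated SHA-256 of the id, so log readers cannot reuse it. Separately, `log.error` on a null token looks like it will fire for every request that reaches auto login without an OIDC token, which seems a normal condition; `log.debug` would fit better, and the message has a typo (`Can0t`). The body of doLogin continues past the end of this hunk.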


@ -34,14 +34,16 @@ public class OpenIdConnectLoginFilter extends BaseFilter {
User user;
try {
if (log.isDebugEnabled()) {
log.debug("Getting user via portal utils");
}
user = PortalUtil.getUser(request);
} catch (PortalException | SystemException e) {
throw new ServletException("Getting user using utls", e);
throw new ServletException("Getting user using utils", e);
}
HttpSession session = null;
HttpSession session = request.getSession(false);
JWTToken token = null;
if (user == null) {
session = request.getSession(false);
String uri = request.getRequestURI();
if (log.isDebugEnabled()) {
log.debug("No user logged in " + uri);
@ -56,16 +58,16 @@ public class OpenIdConnectLoginFilter extends BaseFilter {
} catch (Exception e) {
throw new ServletException("Querying token from OIDC server", e);
}
request.setAttribute(JWTToken.OIDC_TOKEN_ATTRIBUTE, token.getRaw());
// The Autologin class will perform the auto-login with the token
JWTTokenUtil.putOIDCInRequest(token, request);
// The auto login class will perform the portal auto login using the token
} else {
String redirectKeycloakURL = OpenIdConnectRESTHelper.buildLoginUrl(configuration.getAuthorizationUrl(),
String oidcRedirectURL = OpenIdConnectRESTHelper.buildLoginUrl(configuration.getAuthorizationUrl(),
configuration.getClientId(), sessionId, request.getRequestURL().toString());
if (log.isDebugEnabled()) {
log.debug("Redirecting to Keycloak login URL: " + redirectKeycloakURL);
log.debug("Redirecting to OIDC server login URL: " + oidcRedirectURL);
}
response.sendRedirect(redirectKeycloakURL);
response.sendRedirect(oidcRedirectURL);
return;
}
}
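Review bot: The URL written by `log.debug("Redirecting to OIDC server login URL: " + oidcRedirectURL)` is built from `sessionId` and `request.getRequestURL()`. Where `sessionId` comes from is outside this hunk, but if it is the servlet session id then the id is both sent to the OIDC server as a URL parameter and written to the log. A random per-request value stored in the session would serve as the state parameter without exposing the session id. In the first hunk, `session` is now assigned from `request.getSession(false)` before the `user == null` check and can be null on a first request, so any later dereference (not visible here) needs a null guard. The method starts and ends outside the hunks shown.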


@ -8,22 +8,33 @@ import com.liferay.portal.kernel.events.Action;
import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.model.User;
import com.nubisware.oidc.rest.JWTToken;
public class PostLoginAction extends Action {
protected static final Log log = LogFactoryUtil.getLog(PostLoginAction.class);
protected static final Log log = LogFactoryUtil.getLog(PostLoginAction.class);
@Override
public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {
if (log.isInfoEnabled()) {
log.info("PostLoginAction invoked");
}
JWTToken token = JWTToken.fromString((String) request.getAttribute(JWTToken.OIDC_TOKEN_ATTRIBUTE));
HttpSession session = request.getSession(false);
JWTToken token = JWTTokenUtil.getOIDCFromRequest(request);
HttpSession session = request.getSession();
if (token != null && session != null) {
log.info("Setting OIDC token in session with id: " + session.getId());
session.setAttribute(JWTToken.OIDC_TOKEN_ATTRIBUTE, token.getRaw());
if (log.isTraceEnabled()) {
log.trace("Session details: id=" + session.getId() + ", instance=" + session);
}
User user = (User) session.getAttribute("USER");
if (user != null) {
log.info("Setting OIDC token in proxy");
OIDCTokenProxy.getInstance().setOIDCToken(user, session, token);
} else {
log.error("User object not found in session");
}
log.info("Setting OIDC token in session");
JWTTokenUtil.putOIDCInSession(token, session);
}
}
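Review bot: Assuming `HttpSession session = request.getSession();` is the new side of the change, it creates a session when none exists, so the `session != null` half of the guard below it can never be false and a token may be attached to a session that was created only by this call. Keeping `HttpSession session = request.getSession(false);` preserves the guard's meaning. Also, when `session.getAttribute("USER")` returns null the code logs an error but still calls `JWTTokenUtil.putOIDCInSession(token, session)`, leaving the token in the session but not in the proxy. A one-line comment stating whether that partial state is intended would help.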


@ -14,9 +14,10 @@ public class PreLoginAction extends Action {
@Override
public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {
if (log.isDebugEnabled()) {
log.debug("PreLoginAction invoked");
if (log.isTraceEnabled()) {
log.trace("PreLoginAction invoked");
}
// Noting to do at the moment
}
}


@ -13,8 +13,8 @@ public class SessionCreateAction extends SessionAction {
@Override
public void run(HttpSession session) throws ActionException {
if (log.isDebugEnabled()) {
log.debug("Session created");
if (log.isTraceEnabled()) {
log.trace("Session created. Details: id=" + session.getId() + ", instance=" + session);
}
// Noting to do at the moment
}

View File

@ -8,6 +8,7 @@ import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.events.SessionAction;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.model.User;
import com.nubisware.oidc.rest.JWTToken;
import com.nubisware.oidc.rest.OpenIdConnectRESTHelper;
@ -17,14 +18,16 @@ public class SessionDestroyAction extends SessionAction {
@Override
public void run(HttpSession session) throws ActionException {
if (log.isTraceEnabled()) {
log.trace("Session id is: " + session.getId());
}
if (log.isTraceEnabled()) {
log.trace("Session details: id=" + session.getId() + ", instance=" + session);
}
LiferayOpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration();
if (configuration.logoutOnPortalLogout()) {
JWTToken token = JWTToken.fromString((String) session.getAttribute(JWTToken.OIDC_TOKEN_ATTRIBUTE));
JWTToken token = JWTTokenUtil.getOIDCFromSession(session);
if (token != null) {
log.debug("Performing logout on OIDC server due to session destroy");
if (log.isDebugEnabled()) {
log.debug("Performing logout on OIDC server due to session destroy");
}
try {
OpenIdConnectRESTHelper.logout(token, configuration.getLogoutUrl(), configuration.getClientId());
} catch (IOException e) {
@ -34,8 +37,16 @@ public class SessionDestroyAction extends SessionAction {
log.error("Cannot find the OIDC token in session");
}
} else {
log.debug("Don't performing OIDC logout according to configuration");
if (log.isDebugEnabled()) {
log.debug("Don't performing OIDC logout according to configuration");
}
}
if (log.isDebugEnabled()) {
log.debug("Removing OIDC tokens from cache proxy");
}
User user = (User) session.getAttribute("USER");
OIDCTokenProxy.getInstance().removeOIDCToken(user, session);
OIDCTokenProxy.getInstance().removeUMAToken(user, session);
}
}
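Review bot: `session.getAttribute("USER")` can return null at the end of run, yet the result is passed unchecked to `removeOIDCToken(user, session)` and `removeUMAToken(user, session)`, whereas PostLoginAction guards the same lookup with `if (user != null)`. How OIDCTokenProxy treats a null user is not visible here. If it keys its cache by user, tokens could stay cached after the session is destroyed, or the call could throw inside the session listener. Guard the lookup with `if (user != null)` and log the missing user, or have the proxy evict by session alone so cleanup does not depend on the attribute still being present.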


@ -1,10 +1,9 @@
servlet.session.create.events=com.nubisware.oidc.lr62.SessionCreateAction
login.events.pre=com.nubisware.oidc.lr62.PreLoginAction
#login.events.pre=com.nubisware.oidc.lr62.PreLoginAction
auto.login.hooks=com.nubisware.oidc.lr62.OpenIdConnectAutoLogin
login.events.post=com.nubisware.oidc.lr62.PostLoginAction
servlet.session.destroy.events=com.nubisware.oidc.lr62.SessionDestroyAction
session.shared.attributes=USER_
company.login.prepopulate.domain=false
d4science.oidc-authorization=https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/auth
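Review bot: `d4science.oidc-authorization` hard-codes the authorization endpoint of one specific host in a properties file that is packaged into the hook, so every deployment of this artifact sends logins to that server unless the value is overridden elsewhere. Whether this line is changed or only context cannot be told from this view. If it stays, a comment such as `# default for the development realm; override per environment` would make the expectation explicit. The commented-out `#login.events.pre=...` line would also be clearer if it were deleted or given a one-line reason, since PreLoginAction is still shipped.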


@ -2,4 +2,17 @@
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5" />
id="WebApp_ID" version="2.5">
<!-- <filter> -->
<!-- <filter-name>OpenIdConnectLoginFilter</filter-name> -->
<!-- <filter-class>com.nubisware.oidc.lr62.OpenIdConnectLoginFilter</filter-class> -->
<!-- </filter> -->
<!-- <filter-mapping> -->
<!-- <filter-name>OpenIdConnectLoginFilter</filter-name> -->
<!-- <url-pattern>/c/portal/login</url-pattern> -->
<!-- <dispatcher>REQUEST</dispatcher> -->
<!-- <dispatcher>FORWARD</dispatcher> -->
<!-- </filter-mapping> -->
</web-app>
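Review bot: The filter and filter-mapping for OpenIdConnectLoginFilter are added only as commented-out lines, so this descriptor does not register the filter on `/c/portal/login`, and the block does not say why. If the filter is registered elsewhere (not visible in this commit view), replace the block with a single comment such as `<!-- OpenIdConnectLoginFilter is registered in [descriptor name]; intentionally not mapped here -->`. If it is meant to be disabled for the beta, say so, because with it disabled the login path is not intercepted by the OIDC redirect logic.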