Loading gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java +8 −0 Original line number Original line Diff line number Diff line package it.inaf.ia2.gms; package it.inaf.ia2.gms; import it.inaf.ia2.aa.ServiceLocator; import it.inaf.ia2.rap.client.RapClient; import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration; import org.springframework.transaction.annotation.EnableTransactionManagement; import org.springframework.transaction.annotation.EnableTransactionManagement; Loading @@ -13,4 +16,9 @@ public class GmsApplication { public static void main(String[] args) { public static void main(String[] args) { SpringApplication.run(GmsApplication.class, args); SpringApplication.run(GmsApplication.class, args); } } @Bean public RapClient rapClient() { return ServiceLocator.getInstance().getRapClient(); } } } gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java +7 −13 Original line number Original line Diff line number Diff line package it.inaf.ia2.gms.authn; package it.inaf.ia2.gms.authn; import io.jsonwebtoken.Jwt; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SigningKeyResolver; import it.inaf.ia2.aa.ServiceLocator; import it.inaf.ia2.gms.persistence.LoggingDAO; import it.inaf.ia2.gms.persistence.LoggingDAO; import it.inaf.ia2.rap.client.RapClient; import java.io.IOException; import java.io.IOException; import java.security.Principal; import java.security.Principal; import java.util.Map; import java.util.Map; Loading 
@@ -20,11 +17,11 @@ import javax.servlet.http.HttpServletResponse; public class JWTFilter implements Filter { public class JWTFilter implements Filter { private final LoggingDAO loggingDAO; private final LoggingDAO loggingDAO; private final SigningKeyResolver signingKeyResolver; private final RapClient rapClient; public JWTFilter(LoggingDAO loggingDAO) { public JWTFilter(LoggingDAO loggingDAO, RapClient rapClient) { this.loggingDAO = loggingDAO; this.loggingDAO = loggingDAO; this.signingKeyResolver = ServiceLocator.getInstance().getTokenManager().getSigningKeyResolver(); this.rapClient = rapClient; } } @Override @Override Loading @@ -40,13 +37,10 @@ public class JWTFilter implements Filter { return; return; } } authHeader = authHeader.replace("Bearer", "").trim(); String token = authHeader.replace("Bearer", "").trim(); Jwt jwt = Jwts.parser() rapClient.setAccessToken(token); .setSigningKeyResolver(signingKeyResolver) Map<String, Object> claims = rapClient.parseIdTokenClaims(token); .parse(authHeader); Map<String, Object> claims = (Map<String, Object>) jwt.getBody(); if (claims.get("sub") == null) { if (claims.get("sub") == null) { loggingDAO.logAction("Attempt to access WS with invalid token", request); loggingDAO.logAction("Attempt to access WS with invalid token", request); Loading gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java +3 −2 Original line number Original line Diff line number Diff line package it.inaf.ia2.gms.authn; package it.inaf.ia2.gms.authn; import it.inaf.ia2.gms.persistence.LoggingDAO; import it.inaf.ia2.gms.persistence.LoggingDAO; import it.inaf.ia2.rap.client.RapClient; import org.slf4j.Logger; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value; Loading Loading 
@@ -47,9 +48,9 @@ public class SecurityConfig { * Checks JWT for web services. * Checks JWT for web services. */ */ @Bean @Bean public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO) { public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO, RapClient rapClient) { FilterRegistrationBean bean = new FilterRegistrationBean(); FilterRegistrationBean bean = new FilterRegistrationBean(); bean.setFilter(new JWTFilter(loggingDAO)); bean.setFilter(new JWTFilter(loggingDAO, rapClient)); bean.addUrlPatterns("/ws/jwt/*"); bean.addUrlPatterns("/ws/jwt/*"); bean.setOrder(Ordered.HIGHEST_PRECEDENCE); bean.setOrder(Ordered.HIGHEST_PRECEDENCE); return bean; return bean; Loading gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java +18 −31 Original line number Original line Diff line number Diff line package it.inaf.ia2.gms.authn; package it.inaf.ia2.gms.authn; import it.inaf.ia2.aa.data.User; import it.inaf.ia2.aa.data.User; import it.inaf.ia2.rap.client.RapClient; import javax.annotation.PostConstruct; import javax.annotation.PostConstruct; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession; Loading 
@@ -14,58 +15,44 @@ public class SessionData { private static final String USER_DATA = "user_data"; private static final String USER_DATA = "user_data"; private User user; @Autowired @Autowired private HttpServletRequest request; private HttpServletRequest request; private String userId; @Autowired private String userName; private RapClient rapClient; private String accessToken; private String refreshToken; private long expiration; @PostConstruct @PostConstruct public void init() { public void init() { HttpSession session = request.getSession(false); HttpSession session = request.getSession(false); if (session != null && session.getAttribute(USER_DATA) != null) { if (session != null && session.getAttribute(USER_DATA) != null) { User user = (User) session.getAttribute(USER_DATA); setUser((User) session.getAttribute(USER_DATA)); userId = user.getName(); userName = user.getUserLabel(); accessToken = user.getAccessToken(); refreshToken = user.getRefreshToken(); setExpiresIn(user.getExpiresIn()); } } } public String getUserId() { return userId; } } public String getAccessToken() { public void setUser(User user) { return accessToken; this.user = user; rapClient.setAccessToken(user.getAccessToken()); } } public void setAccessToken(String accessToken) { public String getUserId() { this.accessToken = accessToken; return user.getName(); } public String getRefreshToken() { return refreshToken; } } public void setRefreshToken(String refreshToken) { public String getUserName() { this.refreshToken = refreshToken; return user.getUserLabel(); } } public String getUserName() { public String getAccessToken() { return userName; return user.getAccessToken(); } } public void setExpiresIn(long expiresIn) { public String getRefreshToken() { this.expiration = System.currentTimeMillis() + expiresIn * 1000; return user.getRefreshToken(); } } public long getExpiresIn() { public long getExpiresIn() { return (expiration - System.currentTimeMillis()) / 1000; return user.getExpiresIn(); } } } } 
gms/src/main/java/it/inaf/ia2/gms/controller/JWTWebServiceController.java +2 −2 Original line number Original line Diff line number Diff line Loading @@ -7,7 +7,6 @@ import it.inaf.ia2.gms.manager.InvitedRegistrationManager; import it.inaf.ia2.gms.manager.MembershipManager; import it.inaf.ia2.gms.manager.MembershipManager; import it.inaf.ia2.gms.manager.PermissionsManager; import it.inaf.ia2.gms.manager.PermissionsManager; import it.inaf.ia2.gms.model.Permission; import it.inaf.ia2.gms.model.Permission; import it.inaf.ia2.gms.model.RapUser; import it.inaf.ia2.gms.model.response.UserPermission; import it.inaf.ia2.gms.model.response.UserPermission; import it.inaf.ia2.gms.persistence.GroupsDAO; import it.inaf.ia2.gms.persistence.GroupsDAO; import it.inaf.ia2.gms.persistence.PermissionsDAO; import it.inaf.ia2.gms.persistence.PermissionsDAO; Loading @@ -19,6 +18,7 @@ import it.inaf.ia2.gms.service.GroupsService; import it.inaf.ia2.gms.service.JoinService; import it.inaf.ia2.gms.service.JoinService; import it.inaf.ia2.gms.service.PermissionUtils; import it.inaf.ia2.gms.service.PermissionUtils; import it.inaf.ia2.gms.service.SearchService; import it.inaf.ia2.gms.service.SearchService; import it.inaf.ia2.rap.data.RapUser; import java.io.IOException; import java.io.IOException; import java.io.PrintWriter; import java.io.PrintWriter; import java.security.Principal; import java.security.Principal; Loading Loading 
@@ -340,7 +340,7 @@ public class JWTWebServiceController { try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) { try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) { for (RapUser member : membershipManager.getMembers(groupEntity)) { for (RapUser member : membershipManager.getMembers(groupEntity)) { if (selectedUserIds == null || selectedUserIds.contains(member.getId())) { if (selectedUserIds == null || selectedUserIds.contains(member.getId())) { pw.println(member.getPrimaryEmail()); pw.println(member.getPrimaryEmailAddress()); } } } } } } Loading Loading
gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java +8 −0 Original line number Original line Diff line number Diff line package it.inaf.ia2.gms; package it.inaf.ia2.gms; import it.inaf.ia2.aa.ServiceLocator; import it.inaf.ia2.rap.client.RapClient; import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration; import org.springframework.transaction.annotation.EnableTransactionManagement; import org.springframework.transaction.annotation.EnableTransactionManagement; Loading @@ -13,4 +16,9 @@ public class GmsApplication { public static void main(String[] args) { public static void main(String[] args) { SpringApplication.run(GmsApplication.class, args); SpringApplication.run(GmsApplication.class, args); } } @Bean public RapClient rapClient() { return ServiceLocator.getInstance().getRapClient(); } } }
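Review bot: The `rapClient()` bean is declared with a plain `@Bean`, which Spring treats as a singleton, yet other sections of this commit store a per-caller token on it: `rapClient.setAccessToken(token)` in `JWTFilter` and `rapClient.setAccessToken(user.getAccessToken())` in `SessionData.setUser`. If `RapClient` keeps that token in an instance field (its implementation is not visible here), concurrent requests can overwrite each other's token, and a call made for one user may go out with another user's credentials. Either confirm that `RapClient` scopes the token per request or session, or pass the token per call instead of setting it on the shared bean. In both cases a comment on the bean would help, such as `// RapClient carries the caller's access token; safe to share only if it scopes the token internally`.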
gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java +7 −13 Original line number Original line Diff line number Diff line package it.inaf.ia2.gms.authn; package it.inaf.ia2.gms.authn; import io.jsonwebtoken.Jwt; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SigningKeyResolver; import it.inaf.ia2.aa.ServiceLocator; import it.inaf.ia2.gms.persistence.LoggingDAO; import it.inaf.ia2.gms.persistence.LoggingDAO; import it.inaf.ia2.rap.client.RapClient; import java.io.IOException; import java.io.IOException; import java.security.Principal; import java.security.Principal; import java.util.Map; import java.util.Map; Loading @@ -20,11 +17,11 @@ import javax.servlet.http.HttpServletResponse; public class JWTFilter implements Filter { public class JWTFilter implements Filter { private final LoggingDAO loggingDAO; private final LoggingDAO loggingDAO; private final SigningKeyResolver signingKeyResolver; private final RapClient rapClient; public JWTFilter(LoggingDAO loggingDAO) { public JWTFilter(LoggingDAO loggingDAO, RapClient rapClient) { this.loggingDAO = loggingDAO; this.loggingDAO = loggingDAO; this.signingKeyResolver = ServiceLocator.getInstance().getTokenManager().getSigningKeyResolver(); this.rapClient = rapClient; } } @Override @Override Loading @@ -40,13 +37,10 @@ public class JWTFilter implements Filter { return; return; } } authHeader = authHeader.replace("Bearer", "").trim(); String token = authHeader.replace("Bearer", "").trim(); Jwt jwt = Jwts.parser() rapClient.setAccessToken(token); .setSigningKeyResolver(signingKeyResolver) Map<String, Object> claims = rapClient.parseIdTokenClaims(token); .parse(authHeader); Map<String, Object> claims = (Map<String, Object>) jwt.getBody(); if (claims.get("sub") == null) { if (claims.get("sub") == null) { loggingDAO.logAction("Attempt to access WS with invalid token", request); loggingDAO.logAction("Attempt to access WS with invalid token", request); Loading
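Review bot: `rapClient.setAccessToken(token)` runs before the token has been checked, so a value taken straight from the Authorization header is stored on the client even when the `sub` test that follows rejects it; the call belongs below that check. The removed code verified the signature through `SigningKeyResolver`, but this hunk does not show whether `parseIdTokenClaims` does the same or whether it checks expiry, issuer and audience. Once confirmed, that should be stated above the call, e.g. `// parseIdTokenClaims verifies signature and exp against the RAP keys`. The same string is also used both as an access token and as an ID token, which is worth confirming as intended. The method body starts and ends outside the hunk.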
gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java +3 −2 Original line number Original line Diff line number Diff line package it.inaf.ia2.gms.authn; package it.inaf.ia2.gms.authn; import it.inaf.ia2.gms.persistence.LoggingDAO; import it.inaf.ia2.gms.persistence.LoggingDAO; import it.inaf.ia2.rap.client.RapClient; import org.slf4j.Logger; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value; Loading Loading @@ -47,9 +48,9 @@ public class SecurityConfig { * Checks JWT for web services. * Checks JWT for web services. */ */ @Bean @Bean public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO) { public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO, RapClient rapClient) { FilterRegistrationBean bean = new FilterRegistrationBean(); FilterRegistrationBean bean = new FilterRegistrationBean(); bean.setFilter(new JWTFilter(loggingDAO)); bean.setFilter(new JWTFilter(loggingDAO, rapClient)); bean.addUrlPatterns("/ws/jwt/*"); bean.addUrlPatterns("/ws/jwt/*"); bean.setOrder(Ordered.HIGHEST_PRECEDENCE); bean.setOrder(Ordered.HIGHEST_PRECEDENCE); return bean; return bean; Loading
gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java +18 −31 Original line number Original line Diff line number Diff line package it.inaf.ia2.gms.authn; package it.inaf.ia2.gms.authn; import it.inaf.ia2.aa.data.User; import it.inaf.ia2.aa.data.User; import it.inaf.ia2.rap.client.RapClient; import javax.annotation.PostConstruct; import javax.annotation.PostConstruct; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession; Loading 
@@ -14,58 +15,44 @@ public class SessionData { private static final String USER_DATA = "user_data"; private static final String USER_DATA = "user_data"; private User user; @Autowired @Autowired private HttpServletRequest request; private HttpServletRequest request; private String userId; @Autowired private String userName; private RapClient rapClient; private String accessToken; private String refreshToken; private long expiration; @PostConstruct @PostConstruct public void init() { public void init() { HttpSession session = request.getSession(false); HttpSession session = request.getSession(false); if (session != null && session.getAttribute(USER_DATA) != null) { if (session != null && session.getAttribute(USER_DATA) != null) { User user = (User) session.getAttribute(USER_DATA); setUser((User) session.getAttribute(USER_DATA)); userId = user.getName(); userName = user.getUserLabel(); accessToken = user.getAccessToken(); refreshToken = user.getRefreshToken(); setExpiresIn(user.getExpiresIn()); } } } public String getUserId() { return userId; } } public String getAccessToken() { public void setUser(User user) { return accessToken; this.user = user; rapClient.setAccessToken(user.getAccessToken()); } } public void setAccessToken(String accessToken) { public String getUserId() { this.accessToken = accessToken; return user.getName(); } public String getRefreshToken() { return refreshToken; } } public void setRefreshToken(String refreshToken) { public String getUserName() { this.refreshToken = refreshToken; return user.getUserLabel(); } } public String getUserName() { public String getAccessToken() { return userName; return user.getAccessToken(); } } public void setExpiresIn(long expiresIn) { public String getRefreshToken() { this.expiration = System.currentTimeMillis() + expiresIn * 1000; return user.getRefreshToken(); } } public long getExpiresIn() { public long getExpiresIn() { return (expiration - System.currentTimeMillis()) / 1000; return user.getExpiresIn(); } } } }
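Review bot: `getExpiresIn()` now returns `user.getExpiresIn()`, where the old code returned the seconds remaining until an absolute `expiration` computed when the session data was loaded. Unless `User` itself counts down (not visible here), callers that use this value to decide when to refresh the token will see a lifetime that never shrinks. The getters also dereference `user` unconditionally, so when `init()` finds no session or no `user_data` attribute they throw `NullPointerException` instead of returning null as before, and `setUser(null)` fails the same way. A guard such as `return user == null ? null : user.getName();` in each getter would keep the previous contract, and a comment on `getExpiresIn()` should say whether the value is remaining or total lifetime.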
gms/src/main/java/it/inaf/ia2/gms/controller/JWTWebServiceController.java +2 −2 Original line number Original line Diff line number Diff line Loading @@ -7,7 +7,6 @@ import it.inaf.ia2.gms.manager.InvitedRegistrationManager; import it.inaf.ia2.gms.manager.MembershipManager; import it.inaf.ia2.gms.manager.MembershipManager; import it.inaf.ia2.gms.manager.PermissionsManager; import it.inaf.ia2.gms.manager.PermissionsManager; import it.inaf.ia2.gms.model.Permission; import it.inaf.ia2.gms.model.Permission; import it.inaf.ia2.gms.model.RapUser; import it.inaf.ia2.gms.model.response.UserPermission; import it.inaf.ia2.gms.model.response.UserPermission; import it.inaf.ia2.gms.persistence.GroupsDAO; import it.inaf.ia2.gms.persistence.GroupsDAO; import it.inaf.ia2.gms.persistence.PermissionsDAO; import it.inaf.ia2.gms.persistence.PermissionsDAO; Loading @@ -19,6 +18,7 @@ import it.inaf.ia2.gms.service.GroupsService; import it.inaf.ia2.gms.service.JoinService; import it.inaf.ia2.gms.service.JoinService; import it.inaf.ia2.gms.service.PermissionUtils; import it.inaf.ia2.gms.service.PermissionUtils; import it.inaf.ia2.gms.service.SearchService; import it.inaf.ia2.gms.service.SearchService; import it.inaf.ia2.rap.data.RapUser; import java.io.IOException; import java.io.IOException; import java.io.PrintWriter; import java.io.PrintWriter; import java.security.Principal; import java.security.Principal; Loading Loading 
@@ -340,7 +340,7 @@ public class JWTWebServiceController { try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) { try ( PrintWriter pw = new PrintWriter(response.getOutputStream())) { for (RapUser member : membershipManager.getMembers(groupEntity)) { for (RapUser member : membershipManager.getMembers(groupEntity)) { if (selectedUserIds == null || selectedUserIds.contains(member.getId())) { if (selectedUserIds == null || selectedUserIds.contains(member.getId())) { pw.println(member.getPrimaryEmail()); pw.println(member.getPrimaryEmailAddress()); } } } } } } Loading