Commit 65a91b9f authored by Sonia Zorba's avatar Sonia Zorba Committed by zonia3000
Browse files

Access token management changes and Docker issue fix

parent f0ea301c
......@@ -20,6 +20,14 @@ To run:
docker run --env-file docker-env -d -p 8081:8081 -i -t gms:latest
## Create the first super-admin
The first super admin user must be added manually, then he/she will be able to add other administrators from the UI:
INSERT INTO gms_permission (group_id, user_id, permission, group_path) VALUES('ROOT', '1', 'ADMIN', '');
The value `user_id` is the RAP user id.
## Command line clients
To add a command line client first generate the sha256 of its password:
FROM library/postgres:11
COPY gms/src/main/resources/sql/init.sql /docker-entrypoint-initdb.d/
COPY database/user.sql /docker-entrypoint-initdb.d/
......@@ -23,10 +23,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter {
public Authentication extractAuthentication(Map<String, ?> map) {
String idToken = (String) map.get("id_token");
OAuth2AccessToken token = jwkTokenStore.readAccessToken(idToken);
String idTokenString = (String) map.get("id_token");
String accessTokenString = (String) map.get("access_token");
OAuth2AccessToken token = jwkTokenStore.readAccessToken(idTokenString);
OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(accessTokenString);
String refreshToken = (String) map.get("refresh_token");
Map<String, Object> claims = token.getAdditionalInformation();
......@@ -36,6 +37,6 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter {
List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
return new CustomAuthenticationData(principal, claims, authorities, token, refreshToken);
return new CustomAuthenticationData(principal, claims, authorities, accessToken, refreshToken);
......@@ -8,7 +8,7 @@ security.oauth2.client.client-secret=gms-secret
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment