IA2 / GMS
Commit 65a91b9f
Authored Mar 19, 2020 by Sonia Zorba
Committed by zonia3000, Mar 19, 2020
Access token management changes and Docker issue fix
Parent: f0ea301c
Changes: 4
README.md
...
...
@@ -20,6 +20,14 @@ To run:
docker run --env-file docker-env -d -p 8081:8081 -i -t gms:latest
## Create the first super-admin
The first super admin user must be added manually, then he/she will be able to add other administrators from the UI:
INSERT INTO gms_permission (group_id, user_id, permission, group_path) VALUES('ROOT', '1', 'ADMIN', '');
The value
`user_id`
is the RAP user id.
## Command line clients
To add a command line client first generate the sha256 of its password:
...
...
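Review bot: In the new "Create the first super-admin" section the INSERT uses the literal user_id '1', and the sentence saying that `user_id` is the RAP user id comes only after the statement, so anyone who copies the line as written grants ADMIN on ROOT to whichever RAP account has id 1. Suggest putting a placeholder in the statement (for example '<RAP user id>'), moving the explanation above it, and stating which database the statement is run against. "he/she" could simply be "they".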
database/Dockerfile
FROM
library/postgres:11
COPY
gms/src/main/resources/sql/init.sql /docker-entrypoint-initdb.d/
COPY
database/user.sql /docker-entrypoint-initdb.d/
ENV
POSTGRES_HOST_AUTH_METHOD=trust
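Review bot: `ENV POSTGRES_HOST_AUTH_METHOD=trust` turns off password checks for connections to this PostgreSQL container, and it is baked into the image instead of being chosen at run time. If the image is meant for local development only, say so in a comment here or in the README; otherwise leave the variable out of the Dockerfile and pass POSTGRES_PASSWORD when the container is started.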
gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java
...
...
@@ -23,10 +23,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter {
@Override
public
Authentication
extractAuthentication
(
Map
<
String
,
?>
map
)
{
String
idToken
=
(
String
)
map
.
get
(
"id_token"
);
OAuth2AccessToken
token
=
jwkTokenStore
.
readAccessToken
(
idToken
);
String
idTokenString
=
(
String
)
map
.
get
(
"id_token"
);
String
accessTokenString
=
(
String
)
map
.
get
(
"access_token"
);
OAuth2AccessToken
token
=
jwkTokenStore
.
readAccessToken
(
idTokenString
);
OAuth2AccessToken
accessToken
=
jwkTokenStore
.
readAccessToken
(
accessTokenString
);
String
refreshToken
=
(
String
)
map
.
get
(
"refresh_token"
);
Map
<
String
,
Object
>
claims
=
token
.
getAdditionalInformation
();
...
...
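Review bot: `accessTokenString` is cast from `map.get("access_token")` and handed to `jwkTokenStore.readAccessToken(...)` with no null check, so a token response without an `access_token` entry reaches the token store as null. Suggest checking both strings up front and failing with a clear authentication error. With two parsed tokens now in scope, the variable `token` (still the parsed ID token, and the source of `claims`) would read better as `idToken`, and a short comment that the access token is expected to be readable by `jwkTokenStore` would document the assumption the new line makes.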
@@ -36,6 +37,6 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter {
List
<
GrantedAuthority
>
authorities
=
AuthorityUtils
.
createAuthorityList
(
"ROLE_USER"
);
return
new
CustomAuthenticationData
(
principal
,
claims
,
authorities
,
t
oken
,
refreshToken
);
return
new
CustomAuthenticationData
(
principal
,
claims
,
authorities
,
accessT
oken
,
refreshToken
);
}
}
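Review bot: The fourth argument to `CustomAuthenticationData` changes from the parsed ID token to `accessToken`, while `claims` is still taken from the ID token (`token.getAdditionalInformation()`), and nothing in the visible lines documents that split. Suggest a Javadoc line on the constructor, or a parameter rename, stating that it now carries the access token, and checking every caller that reads expiry or additional information from the stored token, since those values now come from a different token.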
gms/src/main/resources/application.properties
...
...
@@ -8,7 +8,7 @@ security.oauth2.client.client-secret=gms-secret
security.oauth2.client.access-token-uri
=
http://localhost/rap-ia2/auth/oauth2/token
security.oauth2.client.user-authorization-uri
=
http://localhost/rap-ia2/auth/oauth2/authorize
security.oauth2.resource.token-info-uri
=
http://localhost/rap-ia2/auth/oauth2/check_token
security.oauth2.client.scope
=
openid,email,profile
security.oauth2.client.scope
=
openid,email,profile
,read:rap
security.oauth2.resource.jwk.key-set-uri
=
http://localhost/rap-ia2/auth/oidc/jwks
logging.level.it.inaf
=
TRACE
...
...
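Review bot: The added `read:rap` scope on `security.oauth2.client.scope` is not explained anywhere in this commit; a comment or README line saying what it is needed for, and that the RAP client registration has to allow it, would help deployers. Since this commit also makes GMS keep the access token, confirm that `logging.level.it.inaf=TRACE` in the same file does not cause token values to be written to the log, and consider a lower default outside development.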