Loading README.md +8 −0 Original line number Diff line number Diff line Loading @@ -20,6 +20,14 @@ To run: docker run --env-file docker-env -d -p 8081:8081 -i -t gms:latest ## Create the first super-admin The first super admin user must be added manually, then he/she will be able to add other administrators from the UI: INSERT INTO gms_permission (group_id, user_id, permission, group_path) VALUES('ROOT', '1', 'ADMIN', ''); The value `user_id` is the RAP user id. ## Command line clients To add a command line client first generate the sha256 of its password: Loading database/Dockerfile +1 −0 Original line number Diff line number Diff line FROM library/postgres:11 COPY gms/src/main/resources/sql/init.sql /docker-entrypoint-initdb.d/ COPY database/user.sql /docker-entrypoint-initdb.d/ ENV POSTGRES_HOST_AUTH_METHOD=trust gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java +5 −4 Original line number Diff line number Diff line Loading @@ -23,10 +23,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter { @Override public Authentication extractAuthentication(Map<String, ?> map) { String idToken = (String) map.get("id_token"); OAuth2AccessToken token = jwkTokenStore.readAccessToken(idToken); String idTokenString = (String) map.get("id_token"); String accessTokenString = (String) map.get("access_token"); OAuth2AccessToken token = jwkTokenStore.readAccessToken(idTokenString); OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(accessTokenString); String refreshToken = (String) map.get("refresh_token"); Map<String, Object> claims = token.getAdditionalInformation(); Loading 
@@ -36,6 +37,6 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter { List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); return new CustomAuthenticationData(principal, claims, authorities, token, refreshToken); return new CustomAuthenticationData(principal, claims, authorities, accessToken, refreshToken); } } gms/src/main/resources/application.properties +1 −1 Original line number Diff line number Diff line Loading @@ -8,7 +8,7 @@ security.oauth2.client.client-secret=gms-secret security.oauth2.client.access-token-uri=http://localhost/rap-ia2/auth/oauth2/token security.oauth2.client.user-authorization-uri=http://localhost/rap-ia2/auth/oauth2/authorize security.oauth2.resource.token-info-uri=http://localhost/rap-ia2/auth/oauth2/check_token security.oauth2.client.scope=openid,email,profile security.oauth2.client.scope=openid,email,profile,read:rap security.oauth2.resource.jwk.key-set-uri=http://localhost/rap-ia2/auth/oidc/jwks logging.level.it.inaf=TRACE Loading Loading
README.md +8 −0 Original line number Diff line number Diff line Loading @@ -20,6 +20,14 @@ To run: docker run --env-file docker-env -d -p 8081:8081 -i -t gms:latest ## Create the first super-admin The first super admin user must be added manually, then he/she will be able to add other administrators from the UI: INSERT INTO gms_permission (group_id, user_id, permission, group_path) VALUES('ROOT', '1', 'ADMIN', ''); The value `user_id` is the RAP user id. ## Command line clients To add a command line client first generate the sha256 of its password: Loading
database/Dockerfile +1 −0 Original line number Diff line number Diff line FROM library/postgres:11 COPY gms/src/main/resources/sql/init.sql /docker-entrypoint-initdb.d/ COPY database/user.sql /docker-entrypoint-initdb.d/ ENV POSTGRES_HOST_AUTH_METHOD=trust
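Review bot: The added `ENV POSTGRES_HOST_AUTH_METHOD=trust` turns off password authentication for every TCP client of this image, so anyone who can reach the container's port can log in as any role, including the `postgres` superuser, and the GMS permission table this commit documents (`gms_permission`) becomes writable by them. This is a development convenience that should not be baked into the image itself; the upstream image already lets the password be supplied at run time, which the README's `--env-file docker-env` pattern can carry. I would drop the ENV line and document the requirement instead: `# Do not set POSTGRES_HOST_AUTH_METHOD=trust here; supply POSTGRES_PASSWORD (and use --auth-host=scram-sha-256 via POSTGRES_INITDB_ARGS) from the env file at run time`. If trust auth is really wanted for a local-only setup, it belongs in a separate dev compose/env file, not in the published Dockerfile.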
gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java +5 −4 Original line number Diff line number Diff line Loading @@ -23,10 +23,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter { @Override public Authentication extractAuthentication(Map<String, ?> map) { String idToken = (String) map.get("id_token"); OAuth2AccessToken token = jwkTokenStore.readAccessToken(idToken); String idTokenString = (String) map.get("id_token"); String accessTokenString = (String) map.get("access_token"); OAuth2AccessToken token = jwkTokenStore.readAccessToken(idTokenString); OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(accessTokenString); String refreshToken = (String) map.get("refresh_token"); Map<String, Object> claims = token.getAdditionalInformation(); Loading @@ -36,6 +37,6 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter { List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); return new CustomAuthenticationData(principal, claims, authorities, token, refreshToken); return new CustomAuthenticationData(principal, claims, authorities, accessToken, refreshToken); } }
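Review bot: The new `accessTokenString = (String) map.get("access_token")` is passed straight to `jwkTokenStore.readAccessToken` with no null check, unlike the id token the converter needed before; a token response that omits `access_token` (or carries a non-JWT one, if RAP ever issues opaque tokens) will surface as an NPE or a parser exception deep in the store instead of a clear authentication failure, and the same applies to `idTokenString`. I would guard both up front, e.g. `if (idTokenString == null || accessTokenString == null) { throw new BadCredentialsException("token response must contain both id_token and access_token"); }` (adjust the exception type to whatever the file already imports). It is also worth a comment that `claims` and the principal still come from the id token while the object stored in `CustomAuthenticationData` is now the access token, since readers will otherwise assume the two are the same JWT. `extractAuthentication` opens in the first hunk and closes in the second, so nothing else of the method is hidden from view.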
gms/src/main/resources/application.properties +1 −1 Original line number Diff line number Diff line Loading @@ -8,7 +8,7 @@ security.oauth2.client.client-secret=gms-secret security.oauth2.client.access-token-uri=http://localhost/rap-ia2/auth/oauth2/token security.oauth2.client.user-authorization-uri=http://localhost/rap-ia2/auth/oauth2/authorize security.oauth2.resource.token-info-uri=http://localhost/rap-ia2/auth/oauth2/check_token security.oauth2.client.scope=openid,email,profile security.oauth2.client.scope=openid,email,profile,read:rap security.oauth2.resource.jwk.key-set-uri=http://localhost/rap-ia2/auth/oidc/jwks logging.level.it.inaf=TRACE Loading
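Review bot: Adding `read:rap` to `security.oauth2.client.scope` means the access token this commit now keeps in the security context grants read access to RAP, yet the same file still ships `security.oauth2.client.client-secret=gms-secret` as a literal, talks to the token and check_token endpoints over plain `http://`, and keeps `logging.level.it.inaf=TRACE` on the package that handles these tokens. Any of those alone is a dev-only setting; together with a more privileged token they are worth fixing before this goes beyond localhost. I would externalize the secret, `security.oauth2.client.client-secret=${GMS_CLIENT_SECRET}`, and add a comment above the endpoint lines, `# localhost/http values are for development only; production must use https and a per-deployment secret`, while lowering the log level or confirming that no token values are logged at TRACE.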