Commit 65a91b9f authored by Sonia Zorba's avatar Sonia Zorba Committed by zonia3000

Access token management changes and Docker issue fix

parent f0ea301c
......@@ -20,6 +20,14 @@ To run:
docker run --env-file docker-env -d -p 8081:8081 -i -t gms:latest
## Create the first super-admin
The first super admin user must be added manually, then he/she will be able to add other administrators from the UI:
INSERT INTO gms_permission (group_id, user_id, permission, group_path) VALUES('ROOT', '1', 'ADMIN', '');
The value `user_id` is the RAP user id.
## Command line clients
To add a command line client first generate the sha256 of its password:
......
FROM library/postgres:11
COPY gms/src/main/resources/sql/init.sql /docker-entrypoint-initdb.d/
COPY database/user.sql /docker-entrypoint-initdb.d/
ENV POSTGRES_HOST_AUTH_METHOD=trust
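Review bot: `ENV POSTGRES_HOST_AUTH_METHOD=trust` makes the Postgres image accept every connection without a password, and nothing in this section scopes that to local development; the rendered page does not show which of these four lines is the new side, but the "Docker issue fix" in the title suggests this line is the addition. A one-line comment above it would keep it from being copied into a shared deployment: `# trust auth is for local development only; for any shared environment set POSTGRES_PASSWORD and remove this line`. The file header and any hunk header for this Dockerfile are not visible here, so the line may sit in a larger context than shown.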
......@@ -23,10 +23,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter {
@Override
public Authentication extractAuthentication(Map<String, ?> map) {
String idToken = (String) map.get("id_token");
OAuth2AccessToken token = jwkTokenStore.readAccessToken(idToken);
String idTokenString = (String) map.get("id_token");
String accessTokenString = (String) map.get("access_token");
OAuth2AccessToken token = jwkTokenStore.readAccessToken(idTokenString);
OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(accessTokenString);
String refreshToken = (String) map.get("refresh_token");
Map<String, Object> claims = token.getAdditionalInformation();
......@@ -36,6 +37,6 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter {
List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
return new CustomAuthenticationData(principal, claims, authorities, token, refreshToken);
return new CustomAuthenticationData(principal, claims, authorities, accessToken, refreshToken);
}
}
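Review bot: The new `accessTokenString` is passed straight to `jwkTokenStore.readAccessToken` with no presence check, so a token response that lacks `access_token` (or carries a non-JWT value) fails somewhere inside the token store rather than at the point where the map is read; a guard such as `Objects.requireNonNull(accessTokenString, "access_token missing from token response")` (and the same for `idTokenString`) would give a clear failure at the boundary. The claims and principal still come from the id token (`token.getAdditionalInformation()`) while the object returned in the second hunk now stores the access token; the code does not show that the two belong to the same subject, so a comment stating that this pairing is intentional — and, if `readAccessToken` verifies the access token's signature against the JWK set, saying so — would help the next reader. The middle of `extractAuthentication` (between the two hunks) is not visible on this page.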
......@@ -8,7 +8,7 @@ security.oauth2.client.client-secret=gms-secret
security.oauth2.client.access-token-uri=http://localhost/rap-ia2/auth/oauth2/token
security.oauth2.client.user-authorization-uri=http://localhost/rap-ia2/auth/oauth2/authorize
security.oauth2.resource.token-info-uri=http://localhost/rap-ia2/auth/oauth2/check_token
security.oauth2.client.scope=openid,email,profile
security.oauth2.client.scope=openid,email,profile,read:rap
security.oauth2.resource.jwk.key-set-uri=http://localhost/rap-ia2/auth/oidc/jwks
logging.level.it.inaf=TRACE
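Review bot: The scope line now also requests `read:rap`, but the file gives no hint why the client needs the extra scope or which part of the application depends on it. A comment above `security.oauth2.client.scope` would tie it to the access-token change this commit makes, e.g. `# read:rap is required for the access token stored by CustomIdTokenConverter to be usable against the RAP API (confirm)`. `logging.level.it.inaf=TRACE` is unchanged context here, though a TRACE level in a committed properties file is worth a second look for anything that logs token material.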
......