Commit 6eef3264 authored by Sonia Zorba's avatar Sonia Zorba

SKADC version support

parent bffca64b
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.AuthConfig;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.aa.UserManager;
import java.io.IOException;
import java.net.URI;
import javax.servlet.Filter;
......@@ -15,11 +15,11 @@ public class ClientDbFilter implements Filter {
public static final String CLIENT_DB = "client_db";
private final RapClient rapClient;
private final UserManager userManager;
private final String defaultJwksUri;
public ClientDbFilter(AuthConfig authConfig, RapClient rapClient) {
this.rapClient = rapClient;
public ClientDbFilter(AuthConfig authConfig, UserManager userManager) {
this.userManager = userManager;
defaultJwksUri = URI.create(authConfig.getRapBaseUri()).resolve(authConfig.getJwksEndpoint()).toString();
}
......@@ -32,7 +32,7 @@ public class ClientDbFilter implements Filter {
if (clientDb != null) {
request.getSession().setAttribute(CLIENT_DB, clientDb);
String newUrl = defaultJwksUri.replaceAll("\\?client_name=(.*)", "?client_name=" + clientDb);
rapClient.addJwksUri(URI.create(newUrl));
userManager.addJwksUri(URI.create(newUrl));
}
fc.doFilter(req, res);
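Review bot: `userManager.addJwksUri(URI.create(newUrl))` still registers a JWKS URI built from the `clientDb` value, which the surrounding context (L26–L28, and the test's `request.getParameter("client_db")`) indicates is request-supplied; nothing in the filter restricts which `client_name` the key set is fetched for, even though the keys fetched from that URI are what later token verification trusts. The value should be checked against the configured/known client databases (or at minimum a strict pattern such as `[A-Za-z0-9_-]+`) before it is spliced into the URI, and `URI.create(newUrl)` should be guarded, since an invalid character currently escapes the filter as an uncaught `IllegalArgumentException`. The value is also passed directly as a `replaceAll` replacement string, where `$` and `\` have group-reference meaning; use `"?client_name=" + Matcher.quoteReplacement(clientDb)`. The enclosing doFilter body starts and ends outside the hunk.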
package it.inaf.ia2.gms.authn;
import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
import it.inaf.ia2.gms.exception.BadRequestException;
import it.inaf.ia2.rap.client.call.GetUserCall;
import it.inaf.ia2.rap.data.RapUser;
import java.net.URI;
import java.net.http.HttpRequest;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class ClientDbRapClient extends ServletRapClient {
private static final Logger LOG = LoggerFactory.getLogger(ClientDbRapClient.class);
public ClientDbRapClient(String baseUrl) {
super(baseUrl);
}
@Override
protected HttpRequest.Builder newAuthRequest(HttpRequest.Builder requestBuilder, HttpServletRequest request) {
return setClientDb(super.newClientSecretRequest(requestBuilder), request);
}
@Override
public HttpRequest.Builder newRequest(String endpoint, HttpServletRequest context) {
return setClientDb(super.newRequest(endpoint), context);
}
@Override
public HttpRequest.Builder newRequest(URI uri, HttpServletRequest context) {
return setClientDb(super.newRequest(uri), context);
}
private HttpRequest.Builder setClientDb(HttpRequest.Builder builder, HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session != null) {
String clientDb = (String) session.getAttribute("client_db");
if (clientDb != null) {
builder.setHeader("client_db", clientDb);
LOG.debug("client_db=" + clientDb);
}
}
return builder;
}
@Override
public URI getAuthorizationUri(HttpServletRequest request) {
// for a better security we should check for allowed redirects
String redirect = request.getParameter("redirect");
URI uri;
if (redirect != null) {
uri = URI.create(redirect);
} else {
uri = super.getAuthorizationUri(request);
}
String clientDb = request.getParameter(CLIENT_DB);
if (clientDb == null) {
HttpSession session = request.getSession(false);
if (session != null) {
clientDb = (String) session.getAttribute(CLIENT_DB);
}
}
if (clientDb == null) {
throw new BadRequestException("client_db not set");
}
redirect = uri.toString();
redirect += redirect.contains("?") ? "&" : "?";
redirect += CLIENT_DB + "=" + clientDb;
return URI.create(redirect);
}
@Override
public URI getAccessTokenUri(HttpServletRequest request) {
String tokenUri = request.getParameter("token_uri");
if (tokenUri != null) {
return URI.create(tokenUri);
}
return super.getAccessTokenUri(request);
}
@Override
public List<RapUser> getUsers(String searchText, HttpServletRequest request) {
List<RapUser> users = new GetUserCall(this).getUsers(searchText, request);
return users.stream()
.filter(u -> u.getDisplayName().contains(searchText) || u.getPrimaryEmailAddress().contains(searchText))
.collect(Collectors.toList());
}
}
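Review bot: Assuming this file is on the new side of the commit (the rendered page drops the add/delete markers), `getAuthorizationUri` at L76–L98 and `getAccessTokenUri` at L101–L107 let the `redirect` and `token_uri` request parameters select the authorization and token endpoints without any validation, which the comment at L77 already acknowledges. Both values should be checked against the configured RAP base URI (or an allow-list of hosts) before `URI.create`, e.g. by comparing `URI.create(redirect).getHost()` with the configured host and falling back to `super.getAuthorizationUri(request)` otherwise; `token_uri` matters most because it presumably decides where the token exchange, with whatever credentials the base client attaches, is posted. Minor: `setClientDb` uses the literal `"client_db"` at L67 and L69 while `CLIENT_DB` is already statically imported at L35, and `LOG.debug("client_db=" + clientDb)` should be the parameterized form `LOG.debug("client_db={}", clientDb)`.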
......@@ -4,14 +4,6 @@ server.servlet.context-path=/gms
spring.main.allow-bean-definition-overriding=true
server.error.whitelabel.enabled=false
security.oauth2.client.client-id=gms
security.oauth2.client.client-secret=gms-secret
security.oauth2.client.access-token-uri=http://localhost/franco/fake-rap/token.php
security.oauth2.client.user-authorization-uri=http://localhost/franco/fake-rap/index.php
security.oauth2.resource.token-info-uri=http://localhost/franco/fake-rap/check-token.php
security.oauth2.client.scope=openid,email,profile
security.oauth2.resource.jwk.key-set-uri=http://localhost/franco/fake-rap/jwks.php
logging.level.it.inaf=TRACE
logging.level.org.springframework.security=DEBUG
logging.level.org.springframework.jdbc=TRACE
......@@ -21,8 +13,6 @@ spring.datasource.url=jdbc:postgresql://localhost:5432/postgres
spring.datasource.username=gms
spring.datasource.password=gms
rap.ws-url=http://localhost/franco/fake-rap/get-users.php
rap.ws.basic-auth=true
support.contact.label=IA2 team
support.contact.email=ia2@inaf.it
client_id=gms
client_secret=gms-secret
rap_uri=http://localhost/rap-ia2
jwks_endpoint=/auth/oidc/jwks
access_token_uri=http://localhost/rap-ia2/auth/oauth2/token
user_authorization_uri=http://localhost/rap-ia2/auth/oauth2/authorize
check_token_uri=http://localhost/rap-ia2/auth/oauth2/token
jwks_uri=http://localhost/rap-ia2/auth/oidc/jwks
gms_uri=http://localhost:8082/gms/ws/jwt
client_id=
client_secret=
rap_uri=https://auth.inaf.it/auth/prod/
access_token_endpoint=accessToken/
user_authorization_endpoint=authorization/
check_token_endpoint=userInfo/
jwks_endpoint=jwks?client_name=ia2gms
rap_ws_user_endpoint=portal/SendUsers.php/user
rap_client_class=it.inaf.ia2.gms.authn.ClientDbRapClient
gms_uri=https://sso-devel.ia2.inaf.it/gms
groups_autoload=false
store_state_on_login_endpoint=true
scope=openid email profile read:rap
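Review bot: `rap_uri=https://auth.inaf.it/auth/prod/` and the relative endpoint values (`accessToken/`, `jwks?client_name=ia2gms`, …) are combined in ClientDbFilter through `URI.create(rapBaseUri).resolve(jwksEndpoint)`, so the trailing slash on `rap_uri` and the missing leading slash on the endpoints are load-bearing: without the trailing slash the endpoints would resolve under `/auth/` instead of `/auth/prod/`, and the filter's `?client_name=` rewrite silently becomes a no-op if that query string is ever dropped from `jwks_endpoint`. A comment in the file would save the next editor, e.g. `# rap_uri must end with '/'; endpoint values are resolved relative to it (no leading slash).` and `# jwks_endpoint must keep the '?client_name=' query: ClientDbFilter rewrites it per client_db.` Which of the two property blocks above is the old and which the new side is not recoverable from the rendering, so this applies to whichever is current.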
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.AuthConfig;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.aa.UserManager;
import java.net.URI;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
......@@ -26,7 +26,7 @@ public class ClientDbFilterTest {
private AuthConfig authConfig;
@Mock
private RapClient rapClient;
private UserManager userManager;
private ClientDbFilter filter;
......@@ -38,9 +38,9 @@ public class ClientDbFilterTest {
when(request.getSession()).thenReturn(mock(HttpSession.class));
when(request.getParameter(eq("client_db"))).thenReturn("other_db");
filter = new ClientDbFilter(authConfig, rapClient);
filter = new ClientDbFilter(authConfig, userManager);
filter.doFilter(request, mock(HttpServletResponse.class), mock(FilterChain.class));
verify(rapClient).addJwksUri(eq(URI.create("http://ia2.inaf.it/jwks?client_name=other_db")));
verify(userManager).addJwksUri(eq(URI.create("http://ia2.inaf.it/jwks?client_name=other_db")));
}
}
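Review bot: The updated test only exercises the case where `client_db` is present; nothing verifies that `addJwksUri` is left untouched when the parameter is absent, which is the branch that keeps the default key set in place. Add a second case with `when(request.getParameter(eq("client_db"))).thenReturn(null);` followed by `verify(userManager, never()).addJwksUri(any());`. The test method's signature lies outside the hunk.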