Commit b39b7cf9 authored by Sonia Zorba's avatar Sonia Zorba

Franco's version support

parent 609cb6b5
package it.inaf.ia2.gms.authn;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
public class ClientDbFilter implements Filter {
private static final String CLIENT_DB = "client_db";
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
String clientDb = request.getParameter(CLIENT_DB);
if (clientDb != null) {
request.getSession().setAttribute(CLIENT_DB, clientDb);
}
fc.doFilter(req, res);
}
}
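Review bot: `doFilter` copies the `client_db` request parameter into the session without checking it, and `request.getSession()` creates a session for any caller that sends the parameter. The SecurityConfig section registers this filter on `/*` at `Ordered.HIGHEST_PRECEDENCE`, presumably ahead of the Spring Security chain, and the RapClient section later forwards the stored value as a `client_db` header next to the client's Basic credentials, so a caller-chosen string reaches the backend unvalidated. I would compare the value with a configured allow-list before storing it, for example `if (clientDb != null && allowedDbs.contains(clientDb)) {`, where `allowedDbs` is a placeholder for a set the project would have to define. If the parameter does not have to be captured before login, `request.getSession(false)` would also avoid creating sessions for unauthenticated requests. A class-level Javadoc saying why the parameter exists and who may set it is missing.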
......@@ -26,6 +26,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter {
String idTokenString = (String) map.get("id_token");
String accessTokenString = (String) map.get("access_token");
// Needed for Franco's version: access_token is equal to id_token
if (accessTokenString == null) {
accessTokenString = idTokenString;
}
OAuth2AccessToken token = jwkTokenStore.readAccessToken(idTokenString);
OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(accessTokenString);
String refreshToken = (String) map.get("refresh_token");
......
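Review bot: The fallback `accessTokenString = idTokenString` applies to every token response, not only to the compatibility mode, so a response from the regular provider that lacks `access_token` is silently accepted and the ID token is then read as the access token. The two tokens have different intended audiences, so I would restrict the fallback to the case the comment describes, for example `if (accessTokenString == null && compatMode) {` with `compatMode` (a placeholder name) injected from the `rap.ws.basic-auth` property, and reject the response otherwise. The enclosing method starts and ends outside the hunk, so how `accessToken` is used afterwards is not visible here.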
......@@ -75,6 +75,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
web.ignoring().antMatchers("/ws/jwt/**", "/error", "/logout", "/invited-registration", "/help/**");
}
@Bean
public FilterRegistrationBean clientDbFilter() {
FilterRegistrationBean bean = new FilterRegistrationBean();
bean.setFilter(new ClientDbFilter());
bean.addUrlPatterns("/*");
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
}
/**
* Checks JWT for web services.
*/
......
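Review bot: `clientDbFilter()` registers the filter unconditionally, although the rest of the commit only needs it when `rap.ws.basic-auth` is true, so in the regular configuration every request still passes through a filter that writes a request parameter into the session. I would make the bean conditional with `@ConditionalOnProperty(name = "rap.ws.basic-auth", havingValue = "true")`. A short Javadoc on the method should say why it has to run at `Ordered.HIGHEST_PRECEDENCE`. The class body continues outside the hunk.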
......@@ -9,6 +9,10 @@ import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.ParameterizedTypeReference;
......@@ -26,6 +30,8 @@ import org.springframework.web.client.RestTemplate;
@Component
public class RapClient {
private static final Logger LOG = LoggerFactory.getLogger(RapClient.class);
@Value("${rap.ws-url}")
private String rapBaseUrl;
......@@ -41,6 +47,11 @@ public class RapClient {
@Value("${security.oauth2.client.scope}")
private String scope;
/* Use basic auth instead of JWT when asking for users
* Needed for Franco's version. */
@Value("${rap.ws.basic-auth}")
private boolean basicAuth;
@Autowired
private HttpServletRequest request;
......@@ -116,7 +127,21 @@ public class RapClient {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
if (request.getSession(false) != null) {
if (basicAuth) { // Franco's version
String auth = clientId + ":" + clientSecret;
String encodedAuth = Base64.encodeBase64String(auth.getBytes());
headers.add("Authorization", "Basic " + encodedAuth);
HttpSession session = request.getSession(false);
if (session != null) {
String clientDb = (String) session.getAttribute("client_db");
if (clientDb != null) {
headers.add("client_db", clientDb);
LOG.debug("client_db=" + clientDb);
}
}
} else if (request.getSession(false) != null) {
headers.add("Authorization", "Bearer " + sessionData.getAccessToken());
} else {
// from JWT web service
......
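Review bot: `LOG.debug("client_db=" + clientDb)` in the basic-auth branch writes a value that originates from a request parameter into the log by string concatenation; the parameterized form `LOG.debug("client_db={}", clientDb)` is preferable, and line breaks should be stripped from the value before it is logged or sent as a header. In the same branch `auth.getBytes()` encodes the client id and secret with the platform default charset, whereas `auth.getBytes(StandardCharsets.UTF_8)` (with `java.nio.charset.StandardCharsets` imported) makes the header deterministic. In the field hunk of this section, `@Value("${rap.ws.basic-auth}")` has no default, so a deployment whose properties lack the key will presumably fail at startup; `@Value("${rap.ws.basic-auth:false}")` keeps the Bearer path as the default. The enclosing method starts and ends outside the hunk.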
......@@ -6,25 +6,26 @@ server.error.whitelabel.enabled=false
security.oauth2.client.client-id=gms
security.oauth2.client.client-secret=gms-secret
security.oauth2.client.access-token-uri=http://localhost/rap-ia2/auth/oauth2/token
security.oauth2.client.user-authorization-uri=http://localhost/rap-ia2/auth/oauth2/authorize
security.oauth2.resource.token-info-uri=http://localhost/rap-ia2/auth/oauth2/check_token
security.oauth2.client.scope=openid,email,profile,read:rap
security.oauth2.resource.jwk.key-set-uri=http://localhost/rap-ia2/auth/oidc/jwks
security.oauth2.client.access-token-uri=http://localhost/franco/fake-rap/token.php
security.oauth2.client.user-authorization-uri=http://localhost/franco/fake-rap/index.php
security.oauth2.resource.token-info-uri=http://localhost/franco/fake-rap/check-token.php
security.oauth2.client.scope=openid,email,profile
security.oauth2.resource.jwk.key-set-uri=http://localhost/franco/fake-rap/jwks.php
logging.level.it.inaf=TRACE
logging.level.org.springframework.security=DEBUG
logging.level.org.springframework.jdbc=TRACE
logging.level.org.springframework.web=TRACE
spring.datasource.url=jdbc:postgresql://localhost:5432/gms2
spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/postgres
spring.datasource.username=gms
spring.datasource.password=gms
rap.ws-url=http://localhost/rap-ia2/ws
rap.ws-url=http://localhost/franco/fake-rap/get-users.php
rap.ws.basic-auth=true
support.contact.label=IA2 team
support.contact.email=ia2@inaf.it
# For development only:
spring.profiles.active=dev
cors.allowed.origin=http://localhost:8080
cors.allowed.origin=http://localhost
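Review bot: The shared defaults in this file now appear to point every OAuth2 endpoint and `rap.ws-url` at the local `franco/fake-rap` scripts and to set `rap.ws.basic-auth=true`, so anyone building from it gets the compatibility mode, with the client secret sent by Basic auth, unless they override it. I would keep the previous values here with `rap.ws.basic-auth=false` and move the fake-provider settings into a profile-specific file, for example `application-<profile>.properties` with the profile name chosen by the project. As far as the rendered section shows, `read:rap` is also dropped from `security.oauth2.client.scope`; a comment should say whether that is intended only for the fake provider.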