Loading gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java 0 → 100644 +24 −0 Original line number Diff line number Diff line package it.inaf.ia2.gms.authn; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; public class ClientDbFilter implements Filter { private static final String CLIENT_DB = "client_db"; @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; String clientDb = request.getParameter(CLIENT_DB); if (clientDb != null) { request.getSession().setAttribute(CLIENT_DB, clientDb); } fc.doFilter(req, res); } } gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java +5 −0 Original line number Diff line number Diff line Loading @@ -26,6 +26,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter { String idTokenString = (String) map.get("id_token"); String accessTokenString = (String) map.get("access_token"); // Needed for Franco's version: access_token is equal to id_token if (accessTokenString == null) { accessTokenString = idTokenString; } OAuth2AccessToken token = jwkTokenStore.readAccessToken(idTokenString); OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(accessTokenString); String refreshToken = (String) map.get("refresh_token"); Loading gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java +9 −0 Original line number Diff line number Diff line Loading 
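Review bot: `doFilter` copies the unvalidated `client_db` request parameter into the session, and `request.getSession()` creates a session for any request that carries the parameter, so an unauthenticated caller can choose the value that RapClient later forwards as a `client_db` header and can populate the session store with requests that never authenticate. Validate the value before storing it, e.g. `if (clientDb != null && clientDb.matches("[A-Za-z0-9_]{1,64}")) {` (constructed pattern, adjust to the real database-name rules), and consider `request.getSession(false)` if the attribute only matters once a session already exists. The `CLIENT_DB` constant is private while RapClient repeats the literal `"client_db"`; making it `public static final` and referencing it from RapClient keeps the two in sync. A class Javadoc such as `/** Remembers the {@code client_db} request parameter in the session so that RapClient can forward it to RAP. */` would also help, since nothing on the page explains why the filter exists.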
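Review bot: The new fallback lets the ID token double as the access token whenever the provider omits `access_token`, and it does so for every provider, not only the one enabled by `rap.ws.basic-auth`; a missing access token from the original provider, which presumably failed fast in `readAccessToken` before, is now silently masked. Consider at least logging the substitution at debug level, or guarding it with the same configuration switch, and replacing the person-specific comment with one that states the condition, e.g. `// Some providers return only id_token; reuse it as the bearer token`. The enclosing method starts and ends outside the hunk.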
@@ -75,6 +75,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { web.ignoring().antMatchers("/ws/jwt/**", "/error", "/logout", "/invited-registration", "/help/**"); } @Bean public FilterRegistrationBean clientDbFilter() { FilterRegistrationBean bean = new FilterRegistrationBean(); bean.setFilter(new ClientDbFilter()); bean.addUrlPatterns("/*"); bean.setOrder(Ordered.HIGHEST_PRECEDENCE); return bean; } /** * Checks JWT for web services. */ Loading gms/src/main/java/it/inaf/ia2/gms/rap/RapClient.java +26 −1 Original line number Diff line number Diff line Loading @@ -9,6 +9,10 @@ import java.util.Map; import java.util.Set; import java.util.function.Function; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.codec.binary.Base64; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.ParameterizedTypeReference; Loading @@ -26,6 +30,8 @@ import org.springframework.web.client.RestTemplate; @Component public class RapClient { private static final Logger LOG = LoggerFactory.getLogger(RapClient.class); @Value("${rap.ws-url}") private String rapBaseUrl; Loading @@ -41,6 +47,11 @@ public class RapClient { @Value("${security.oauth2.client.scope}") private String scope; /* Use basic auth instead of JWT when asking for users * Needed for Franco's version. */ @Value("${rap.ws.basic-auth}") private boolean basicAuth; @Autowired private HttpServletRequest request; Loading Loading 
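Review bot: `clientDbFilter()` uses the raw `FilterRegistrationBean` type; `FilterRegistrationBean<ClientDbFilter> bean = new FilterRegistrationBean<>();` keeps the registration type-safe and removes the raw-type warning. Registering it at `Ordered.HIGHEST_PRECEDENCE` on `/*` also places it ahead of the Spring Security filter chain, so it runs, and may create sessions, for requests that never authenticate, including the paths ignored just above; a narrower URL pattern or a lower precedence would limit that. A Javadoc such as `/** Registers {@link ClientDbFilter} ahead of the security chain so the client_db parameter is captured on every request. */` would document the intent.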
@@ -116,7 +127,21 @@ public class RapClient { HttpHeaders headers = new HttpHeaders(); headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); if (request.getSession(false) != null) { if (basicAuth) { // Franco's version String auth = clientId + ":" + clientSecret; String encodedAuth = Base64.encodeBase64String(auth.getBytes()); headers.add("Authorization", "Basic " + encodedAuth); HttpSession session = request.getSession(false); if (session != null) { String clientDb = (String) session.getAttribute("client_db"); if (clientDb != null) { headers.add("client_db", clientDb); LOG.debug("client_db=" + clientDb); } } } else if (request.getSession(false) != null) { headers.add("Authorization", "Bearer " + sessionData.getAccessToken()); } else { // from JWT web service Loading gms/src/main/resources/application.properties +9 −8 Original line number Diff line number Diff line Loading 
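Review bot: `auth.getBytes()` encodes the client credentials with the platform default charset, so a non-ASCII secret would yield a different `Authorization` header depending on the JVM's locale; use `auth.getBytes(StandardCharsets.UTF_8)` (the `java.nio.charset.StandardCharsets` import is not in the hunk). `LOG.debug("client_db=" + clientDb)` should be the parameterized `LOG.debug("client_db={}", clientDb);`, and the `"client_db"` literal duplicates the constant declared in ClientDbFilter. The forwarded value is a session attribute that ClientDbFilter sets from an unvalidated request parameter, so it should be validated before it is placed in a header, and `java.util.Base64` would cover this one call without the commons-codec import. With `rap.ws.basic-auth=true` the `basicAuth` branch now also takes precedence over the session bearer token for every request, which is worth stating in the field comment. The enclosing method starts and ends outside the hunk.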
@@ -6,25 +6,26 @@ server.error.whitelabel.enabled=false security.oauth2.client.client-id=gms security.oauth2.client.client-secret=gms-secret security.oauth2.client.access-token-uri=http://localhost/rap-ia2/auth/oauth2/token security.oauth2.client.user-authorization-uri=http://localhost/rap-ia2/auth/oauth2/authorize security.oauth2.resource.token-info-uri=http://localhost/rap-ia2/auth/oauth2/check_token security.oauth2.client.scope=openid,email,profile,read:rap security.oauth2.resource.jwk.key-set-uri=http://localhost/rap-ia2/auth/oidc/jwks security.oauth2.client.access-token-uri=http://localhost/franco/fake-rap/token.php security.oauth2.client.user-authorization-uri=http://localhost/franco/fake-rap/index.php security.oauth2.resource.token-info-uri=http://localhost/franco/fake-rap/check-token.php security.oauth2.client.scope=openid,email,profile security.oauth2.resource.jwk.key-set-uri=http://localhost/franco/fake-rap/jwks.php logging.level.it.inaf=TRACE logging.level.org.springframework.security=DEBUG logging.level.org.springframework.jdbc=TRACE logging.level.org.springframework.web=TRACE spring.datasource.url=jdbc:postgresql://localhost:5432/gms2 spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/postgres spring.datasource.username=gms spring.datasource.password=gms rap.ws-url=http://localhost/rap-ia2/ws rap.ws-url=http://localhost/franco/fake-rap/get-users.php rap.ws.basic-auth=true support.contact.label=IA2 team support.contact.email=ia2@inaf.it # For development only: spring.profiles.active=dev cors.allowed.origin=http://localhost:8080 cors.allowed.origin=http://localhost Loading
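Review bot: The new values replace the shared defaults in the main `application.properties` with one developer's local setup (`franco/fake-rap` endpoints, the `postgres` database, `cors.allowed.origin=http://localhost`, `rap.ws.basic-auth=true`), even though `spring.profiles.active=dev` is already set under `# For development only:`. Keeping the previous values here and moving these into a profile file (`application-dev.properties`) would stop the basic-auth mode and the fake endpoints from becoming the default for every deployment. `rap.ws.basic-auth` is a new required property (`@Value("${rap.ws.basic-auth}")` in RapClient has no default), so either keep a `rap.ws.basic-auth=false` line in the base file or give the annotation a default value.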
gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java 0 → 100644 +24 −0 Original line number Diff line number Diff line package it.inaf.ia2.gms.authn; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; public class ClientDbFilter implements Filter { private static final String CLIENT_DB = "client_db"; @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; String clientDb = request.getParameter(CLIENT_DB); if (clientDb != null) { request.getSession().setAttribute(CLIENT_DB, clientDb); } fc.doFilter(req, res); } }
gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java +5 −0 Original line number Diff line number Diff line Loading @@ -26,6 +26,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter { String idTokenString = (String) map.get("id_token"); String accessTokenString = (String) map.get("access_token"); // Needed for Franco's version: access_token is equal to id_token if (accessTokenString == null) { accessTokenString = idTokenString; } OAuth2AccessToken token = jwkTokenStore.readAccessToken(idTokenString); OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(accessTokenString); String refreshToken = (String) map.get("refresh_token"); Loading
gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java +9 −0 Original line number Diff line number Diff line Loading @@ -75,6 +75,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { web.ignoring().antMatchers("/ws/jwt/**", "/error", "/logout", "/invited-registration", "/help/**"); } @Bean public FilterRegistrationBean clientDbFilter() { FilterRegistrationBean bean = new FilterRegistrationBean(); bean.setFilter(new ClientDbFilter()); bean.addUrlPatterns("/*"); bean.setOrder(Ordered.HIGHEST_PRECEDENCE); return bean; } /** * Checks JWT for web services. */ Loading
gms/src/main/java/it/inaf/ia2/gms/rap/RapClient.java +26 −1 Original line number Diff line number Diff line Loading @@ -9,6 +9,10 @@ import java.util.Map; import java.util.Set; import java.util.function.Function; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.commons.codec.binary.Base64; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.ParameterizedTypeReference; Loading @@ -26,6 +30,8 @@ import org.springframework.web.client.RestTemplate; @Component public class RapClient { private static final Logger LOG = LoggerFactory.getLogger(RapClient.class); @Value("${rap.ws-url}") private String rapBaseUrl; Loading @@ -41,6 +47,11 @@ public class RapClient { @Value("${security.oauth2.client.scope}") private String scope; /* Use basic auth instead of JWT when asking for users * Needed for Franco's version. */ @Value("${rap.ws.basic-auth}") private boolean basicAuth; @Autowired private HttpServletRequest request; Loading Loading @@ -116,7 +127,21 @@ public class RapClient { HttpHeaders headers = new HttpHeaders(); headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); if (request.getSession(false) != null) { if (basicAuth) { // Franco's version String auth = clientId + ":" + clientSecret; String encodedAuth = Base64.encodeBase64String(auth.getBytes()); headers.add("Authorization", "Basic " + encodedAuth); HttpSession session = request.getSession(false); if (session != null) { String clientDb = (String) session.getAttribute("client_db"); if (clientDb != null) { headers.add("client_db", clientDb); LOG.debug("client_db=" + clientDb); } } } else if (request.getSession(false) != null) { headers.add("Authorization", "Bearer " + sessionData.getAccessToken()); } else { // from JWT web service Loading
gms/src/main/resources/application.properties +9 −8 Original line number Diff line number Diff line Loading @@ -6,25 +6,26 @@ server.error.whitelabel.enabled=false security.oauth2.client.client-id=gms security.oauth2.client.client-secret=gms-secret security.oauth2.client.access-token-uri=http://localhost/rap-ia2/auth/oauth2/token security.oauth2.client.user-authorization-uri=http://localhost/rap-ia2/auth/oauth2/authorize security.oauth2.resource.token-info-uri=http://localhost/rap-ia2/auth/oauth2/check_token security.oauth2.client.scope=openid,email,profile,read:rap security.oauth2.resource.jwk.key-set-uri=http://localhost/rap-ia2/auth/oidc/jwks security.oauth2.client.access-token-uri=http://localhost/franco/fake-rap/token.php security.oauth2.client.user-authorization-uri=http://localhost/franco/fake-rap/index.php security.oauth2.resource.token-info-uri=http://localhost/franco/fake-rap/check-token.php security.oauth2.client.scope=openid,email,profile security.oauth2.resource.jwk.key-set-uri=http://localhost/franco/fake-rap/jwks.php logging.level.it.inaf=TRACE logging.level.org.springframework.security=DEBUG logging.level.org.springframework.jdbc=TRACE logging.level.org.springframework.web=TRACE spring.datasource.url=jdbc:postgresql://localhost:5432/gms2 spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/postgres spring.datasource.username=gms spring.datasource.password=gms rap.ws-url=http://localhost/rap-ia2/ws rap.ws-url=http://localhost/franco/fake-rap/get-users.php rap.ws.basic-auth=true support.contact.label=IA2 team support.contact.email=ia2@inaf.it # For development only: spring.profiles.active=dev cors.allowed.origin=http://localhost:8080 cors.allowed.origin=http://localhost