Loading gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java +50 −0 Original line number Diff line number Diff line package it.inaf.ia2.gms; import it.inaf.ia2.aa.AuthConfig; import it.inaf.ia2.aa.ServiceLocator; import it.inaf.ia2.aa.UriCustomizer; import it.inaf.ia2.aa.jwt.QueryStringBuilder; import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB; import it.inaf.ia2.gms.exception.BadRequestException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.Configuration; Loading 
@@ -12,5 +20,47 @@ public class GmsApplication { public static void main(String[] args) { SpringApplication.run(GmsApplication.class, args); AuthConfig authConfig = ServiceLocator.getInstance().getConfig(); final String defaultAuthorizationUri = authConfig.getUserAuthorizationUri(); authConfig.setAuthorizationUriCustomizer(new UriCustomizer() { @Override public String getBaseUri(HttpServletRequest req) { // for a better security we should check for allowed redirects String redirect = req.getParameter("redirect"); if (redirect != null) { return redirect; } return defaultAuthorizationUri; } @Override public void customizeQueryString(HttpServletRequest req, QueryStringBuilder queryStringBuilder) { String clientDb = req.getParameter(CLIENT_DB); if (clientDb == null) { HttpSession session = req.getSession(false); if (session != null) { clientDb = (String) session.getAttribute(CLIENT_DB); } } if (clientDb == null) { throw new BadRequestException("client_db not set"); } queryStringBuilder.param(CLIENT_DB, clientDb); } }); final String defaultAccessTokenUri = authConfig.getAccessTokenUri(); authConfig.setAccessTokenUriCustomizer(req -> { String redirect = req.getParameter("token_uri"); if (redirect != null) { return redirect; } return defaultAccessTokenUri; }); } } gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java +20 −1 Original line number Diff line number Diff line package it.inaf.ia2.gms.authn; import it.inaf.ia2.aa.ServiceLocator; import it.inaf.ia2.aa.jwt.JwksClient; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ClientDbFilter implements Filter { private static final String CLIENT_DB = "client_db"; public static final String CLIENT_DB = "client_db"; private 
String defaultJwksUri; private JwksClient jwksClient; @Override public void init(FilterConfig filterConfig) throws ServletException { defaultJwksUri = ServiceLocator.getInstance().getConfig().getJwksUri(); jwksClient = ServiceLocator.getInstance().getJwksClient(); } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String clientDb = request.getParameter(CLIENT_DB); if (clientDb != null) { request.getSession().setAttribute(CLIENT_DB, clientDb); String newUrl = defaultJwksUri.replaceAll("\\?client_name=(.*)", "?client_name=" + clientDb); jwksClient.addJwksUrl(newUrl); } fc.doFilter(req, res); } } gms/src/main/java/it/inaf/ia2/gms/controller/HomePageController.java +3 −1 Original line number Diff line number Diff line package it.inaf.ia2.gms.controller; import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB; import it.inaf.ia2.gms.authn.SessionData; import it.inaf.ia2.gms.exception.UnauthorizedException; import it.inaf.ia2.gms.manager.InvitedRegistrationManager; Loading Loading @@ -93,8 +94,9 @@ public class HomePageController { @GetMapping(value = "/logout", produces = MediaType.TEXT_HTML_VALUE) public void logout(HttpSession httpSession, HttpServletResponse response) throws IOException { String clientDB = (String) httpSession.getAttribute(CLIENT_DB); httpSession.invalidate(); String baseUrl = ServletUriComponentsBuilder.fromCurrentContextPath().build().toUriString(); response.sendRedirect(baseUrl); response.sendRedirect(baseUrl + "?client_db=" + clientDB); } } Loading
gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java +50 −0 Original line number Diff line number Diff line package it.inaf.ia2.gms; import it.inaf.ia2.aa.AuthConfig; import it.inaf.ia2.aa.ServiceLocator; import it.inaf.ia2.aa.UriCustomizer; import it.inaf.ia2.aa.jwt.QueryStringBuilder; import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB; import it.inaf.ia2.gms.exception.BadRequestException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.Configuration; Loading @@ -12,5 +20,47 @@ public class GmsApplication { public static void main(String[] args) { SpringApplication.run(GmsApplication.class, args); AuthConfig authConfig = ServiceLocator.getInstance().getConfig(); final String defaultAuthorizationUri = authConfig.getUserAuthorizationUri(); authConfig.setAuthorizationUriCustomizer(new UriCustomizer() { @Override public String getBaseUri(HttpServletRequest req) { // for a better security we should check for allowed redirects String redirect = req.getParameter("redirect"); if (redirect != null) { return redirect; } return defaultAuthorizationUri; } @Override public void customizeQueryString(HttpServletRequest req, QueryStringBuilder queryStringBuilder) { String clientDb = req.getParameter(CLIENT_DB); if (clientDb == null) { HttpSession session = req.getSession(false); if (session != null) { clientDb = (String) session.getAttribute(CLIENT_DB); } } if (clientDb == null) { throw new BadRequestException("client_db not set"); } queryStringBuilder.param(CLIENT_DB, clientDb); } }); final String defaultAccessTokenUri = authConfig.getAccessTokenUri(); authConfig.setAccessTokenUriCustomizer(req -> { String redirect = req.getParameter("token_uri"); if (redirect != null) { return redirect; } return defaultAccessTokenUri; }); } }
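Review bot: Both customizers registered in `main` return a request parameter verbatim as an endpoint URI: `getBaseUri` returns `redirect` and the access-token customizer returns `token_uri`, with no check that the value is an endpoint this deployment trusts. The in-code comment already concedes the first case. The second looks more serious: the token URI is presumably where the library posts the authorization code and client credentials, so a caller-chosen value would deliver them to an arbitrary host and let the server be steered into requesting internal addresses. Both should compare the parameter against a configured allow-list and reject anything else, for example `if (redirect != null && !allowedTokenUris.contains(redirect)) { throw new BadRequestException("token_uri not allowed"); }`, where `allowedTokenUris` is a placeholder for a new configuration property. The customizers are also installed only after `SpringApplication.run(...)` returns, so requests arriving in between would see the defaults; confirm that ordering is intended.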
gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java +20 −1 Original line number Diff line number Diff line package it.inaf.ia2.gms.authn; import it.inaf.ia2.aa.ServiceLocator; import it.inaf.ia2.aa.jwt.JwksClient; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ClientDbFilter implements Filter { private static final String CLIENT_DB = "client_db"; public static final String CLIENT_DB = "client_db"; private String defaultJwksUri; private JwksClient jwksClient; @Override public void init(FilterConfig filterConfig) throws ServletException { defaultJwksUri = ServiceLocator.getInstance().getConfig().getJwksUri(); jwksClient = ServiceLocator.getInstance().getJwksClient(); } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String clientDb = request.getParameter(CLIENT_DB); if (clientDb != null) { request.getSession().setAttribute(CLIENT_DB, clientDb); String newUrl = defaultJwksUri.replaceAll("\\?client_name=(.*)", "?client_name=" + clientDb); jwksClient.addJwksUrl(newUrl); } fc.doFilter(req, res); } }
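Review bot: In `doFilter` the `client_db` request parameter is concatenated into the replacement argument of `replaceAll` and the result is passed to `jwksClient.addJwksUrl` with no validation, and nothing in the filter requires the caller to be authenticated. In a replacement string `$` and `\` are interpreted, so a value containing them either throws or re-inserts the captured group, and an unencoded `&` or `#` changes the query the JWKS client will fetch; at minimum use `"?client_name=" + Matcher.quoteReplacement(URLEncoder.encode(clientDb, "UTF-8"))`. Better, accept only values that match a strict pattern or a known list of client names and answer 400 otherwise, since each distinct value presumably adds another key-set URL that tokens can be verified against, and nothing bounds that set. The local `response` is unused, and `request.getSession()` creates a session for any anonymous request that carries the parameter.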
gms/src/main/java/it/inaf/ia2/gms/controller/HomePageController.java +3 −1 Original line number Diff line number Diff line package it.inaf.ia2.gms.controller; import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB; import it.inaf.ia2.gms.authn.SessionData; import it.inaf.ia2.gms.exception.UnauthorizedException; import it.inaf.ia2.gms.manager.InvitedRegistrationManager; Loading Loading @@ -93,8 +94,9 @@ public class HomePageController { @GetMapping(value = "/logout", produces = MediaType.TEXT_HTML_VALUE) public void logout(HttpSession httpSession, HttpServletResponse response) throws IOException { String clientDB = (String) httpSession.getAttribute(CLIENT_DB); httpSession.invalidate(); String baseUrl = ServletUriComponentsBuilder.fromCurrentContextPath().build().toUriString(); response.sendRedirect(baseUrl); response.sendRedirect(baseUrl + "?client_db=" + clientDB); } }
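Review bot: `logout` appends `clientDB` to the redirect with neither a null check nor URL encoding, so a session that never stored the attribute redirects to `?client_db=null`, and ClientDbFilter (changed in the same commit) would then treat the literal `null` as a client name. Append the parameter only when it is present, and encode it: `response.sendRedirect(clientDB == null ? baseUrl : baseUrl + "?client_db=" + URLEncoder.encode(clientDB, "UTF-8"));`. The value originally comes from a request parameter stored by the filter, so encoding also keeps characters such as `&` or `#` from altering the redirect target's query.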