Commit c9de87da authored by Sonia Zorba's avatar Sonia Zorba

Franco's version support

parent dc98f654
package it.inaf.ia2.gms;
import it.inaf.ia2.aa.AuthConfig;
import it.inaf.ia2.aa.ServiceLocator;
import it.inaf.ia2.aa.UriCustomizer;
import it.inaf.ia2.aa.jwt.QueryStringBuilder;
import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
import it.inaf.ia2.gms.exception.BadRequestException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration;
......@@ -12,5 +20,47 @@ public class GmsApplication {
public static void main(String[] args) {
SpringApplication.run(GmsApplication.class, args);
AuthConfig authConfig = ServiceLocator.getInstance().getConfig();
final String defaultAuthorizationUri = authConfig.getUserAuthorizationUri();
authConfig.setAuthorizationUriCustomizer(new UriCustomizer() {
@Override
public String getBaseUri(HttpServletRequest req) {
// for a better security we should check for allowed redirects
String redirect = req.getParameter("redirect");
if (redirect != null) {
return redirect;
}
return defaultAuthorizationUri;
}
@Override
public void customizeQueryString(HttpServletRequest req, QueryStringBuilder queryStringBuilder) {
String clientDb = req.getParameter(CLIENT_DB);
if (clientDb == null) {
HttpSession session = req.getSession(false);
if (session != null) {
clientDb = (String) session.getAttribute(CLIENT_DB);
}
}
if (clientDb == null) {
throw new BadRequestException("client_db not set");
}
queryStringBuilder.param(CLIENT_DB, clientDb);
}
});
final String defaultAccessTokenUri = authConfig.getAccessTokenUri();
authConfig.setAccessTokenUriCustomizer(req -> {
String redirect = req.getParameter("token_uri");
if (redirect != null) {
return redirect;
}
return defaultAccessTokenUri;
});
}
}
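Review bot: Both customizers return a request parameter verbatim as an OAuth endpoint: `getBaseUri` sends the browser to whatever `redirect` holds, and the access-token lambda makes the server call whatever `token_uri` holds. The second is the more serious of the two, because a token request normally carries the authorization code and may carry client credentials, so the endpoint must not be chosen by the caller; the in-code comment already concedes the redirect case. Accept a parameter value only when it is in a configured set of trusted endpoints and reject anything else with `BadRequestException`. `ALLOWED_AUTHORIZATION_URIS` and `ALLOWED_TOKEN_URIS` in the sketch below are placeholder names for that configuration, which is not visible on this page.

```java
// … unchanged: SpringApplication.run, authConfig and defaultAuthorizationUri lookup …
            @Override
            public String getBaseUri(HttpServletRequest req) {
                String redirect = req.getParameter("redirect");
                if (redirect == null) {
                    return defaultAuthorizationUri;
                }
                if (!ALLOWED_AUTHORIZATION_URIS.contains(redirect)) {
                    throw new BadRequestException("redirect not allowed");
                }
                return redirect;
            }
// … unchanged: customizeQueryString, defaultAccessTokenUri lookup …
        authConfig.setAccessTokenUriCustomizer(req -> {
            String tokenUri = req.getParameter("token_uri");
            if (tokenUri == null) {
                return defaultAccessTokenUri;
            }
            if (!ALLOWED_TOKEN_URIS.contains(tokenUri)) {
                throw new BadRequestException("token_uri not allowed");
            }
            return tokenUri;
        });
```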
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.ServiceLocator;
import it.inaf.ia2.aa.jwt.JwksClient;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class ClientDbFilter implements Filter {
private static final String CLIENT_DB = "client_db";
public static final String CLIENT_DB = "client_db";
private String defaultJwksUri;
private JwksClient jwksClient;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
defaultJwksUri = ServiceLocator.getInstance().getConfig().getJwksUri();
jwksClient = ServiceLocator.getInstance().getJwksClient();
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String clientDb = request.getParameter(CLIENT_DB);
if (clientDb != null) {
request.getSession().setAttribute(CLIENT_DB, clientDb);
String newUrl = defaultJwksUri.replaceAll("\\?client_name=(.*)", "?client_name=" + clientDb);
jwksClient.addJwksUrl(newUrl);
}
fc.doFilter(req, res);
}
}
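Review bot: `doFilter` places the raw `client_db` parameter into the replacement string of `replaceAll` and registers the result through `jwksClient.addJwksUrl` on every request, with no validation of the value. In a replacement string `$` and `\` are special, so a value containing them either throws or yields an unintended URL, and an unencoded `&` or `#` changes the query sent to the JWKS endpoint. Each distinct value also appears to register another JWKS URL, and `getSession()` creates a session before any authentication has happened. Check the value against the set of known client names (or at least a strict pattern such as `[A-Za-z0-9_-]+`) before using it, and build the URL with `Matcher.quoteReplacement(URLEncoder.encode(clientDb, "UTF-8"))`.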
package it.inaf.ia2.gms.controller;
import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.manager.InvitedRegistrationManager;
......@@ -93,8 +94,9 @@ public class HomePageController {
@GetMapping(value = "/logout", produces = MediaType.TEXT_HTML_VALUE)
public void logout(HttpSession httpSession, HttpServletResponse response) throws IOException {
String clientDB = (String) httpSession.getAttribute(CLIENT_DB);
httpSession.invalidate();
String baseUrl = ServletUriComponentsBuilder.fromCurrentContextPath().build().toUriString();
response.sendRedirect(baseUrl);
response.sendRedirect(baseUrl + "?client_db=" + clientDB);
}
}
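Review bot: In `logout`, `clientDB` is concatenated into the redirect URL with neither a null check nor encoding. When the session holds no `client_db` attribute the redirect becomes `?client_db=null`, which `ClientDbFilter` would presumably then treat as a real client name; and because the attribute originates from a request parameter, characters such as `&` or `#` alter the query of the redirect target. Append the parameter only when it is non-null and let the builder encode it: `UriComponentsBuilder b = ServletUriComponentsBuilder.fromCurrentContextPath();`, `if (clientDB != null) b.queryParam(CLIENT_DB, clientDB);`, `response.sendRedirect(b.build().encode().toUriString());`. `HomePageController` itself starts outside the hunk.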