Commit c9de87da authored by Sonia Zorba's avatar Sonia Zorba

Franco's version support

parent dc98f654
package it.inaf.ia2.gms; package it.inaf.ia2.gms;
import it.inaf.ia2.aa.AuthConfig;
import it.inaf.ia2.aa.ServiceLocator;
import it.inaf.ia2.aa.UriCustomizer;
import it.inaf.ia2.aa.jwt.QueryStringBuilder;
import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
import it.inaf.ia2.gms.exception.BadRequestException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
...@@ -12,5 +20,47 @@ public class GmsApplication { ...@@ -12,5 +20,47 @@ public class GmsApplication {
public static void main(String[] args) { public static void main(String[] args) {
SpringApplication.run(GmsApplication.class, args); SpringApplication.run(GmsApplication.class, args);
AuthConfig authConfig = ServiceLocator.getInstance().getConfig();
final String defaultAuthorizationUri = authConfig.getUserAuthorizationUri();
authConfig.setAuthorizationUriCustomizer(new UriCustomizer() {
@Override
public String getBaseUri(HttpServletRequest req) {
// for a better security we should check for allowed redirects
String redirect = req.getParameter("redirect");
if (redirect != null) {
return redirect;
}
return defaultAuthorizationUri;
}
@Override
public void customizeQueryString(HttpServletRequest req, QueryStringBuilder queryStringBuilder) {
String clientDb = req.getParameter(CLIENT_DB);
if (clientDb == null) {
HttpSession session = req.getSession(false);
if (session != null) {
clientDb = (String) session.getAttribute(CLIENT_DB);
}
}
if (clientDb == null) {
throw new BadRequestException("client_db not set");
}
queryStringBuilder.param(CLIENT_DB, clientDb);
}
});
final String defaultAccessTokenUri = authConfig.getAccessTokenUri();
authConfig.setAccessTokenUriCustomizer(req -> {
String redirect = req.getParameter("token_uri");
if (redirect != null) {
return redirect;
}
return defaultAccessTokenUri;
});
} }
} }
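Review bot: Both customizers added to `main` return a request parameter verbatim as the endpoint (`redirect` in `getBaseUri`, `token_uri` in the access-token lambda), so whoever crafts the link decides where the user is sent to authenticate and where this service makes its token request. The `token_uri` case is the more serious one: the token request presumably carries the authorization code and the client credentials (the library call is not visible here), so an unvalidated value would disclose them to an arbitrary host and also lets the server be pointed at internal addresses. The in-code comment already acknowledges the missing check; both values should be compared against a configured allowlist of exact URIs and rejected otherwise, as sketched below, where `allowedAuthorizationUris` and `allowedAccessTokenUris` stand for sets loaded from configuration. Separately, the customizers are installed only after `SpringApplication.run` returns, so requests served before that point see the defaults; registering them from a configuration bean would close that window.

```java
@Override
public String getBaseUri(HttpServletRequest req) {
    String redirect = req.getParameter("redirect");
    if (redirect == null) {
        return defaultAuthorizationUri;
    }
    // exact-match allowlist: prefix or substring matching is easy to bypass
    if (!allowedAuthorizationUris.contains(redirect)) {
        throw new BadRequestException("redirect not allowed");
    }
    return redirect;
}
// … unchanged: customizeQueryString …
authConfig.setAccessTokenUriCustomizer(req -> {
    String tokenUri = req.getParameter("token_uri");
    if (tokenUri == null) {
        return defaultAccessTokenUri;
    }
    // the token request goes server-to-server, so only known endpoints may receive it
    if (!allowedAccessTokenUris.contains(tokenUri)) {
        throw new BadRequestException("token_uri not allowed");
    }
    return tokenUri;
});
```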
package it.inaf.ia2.gms.authn; package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.ServiceLocator;
import it.inaf.ia2.aa.jwt.JwksClient;
import java.io.IOException; import java.io.IOException;
import javax.servlet.Filter; import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class ClientDbFilter implements Filter { public class ClientDbFilter implements Filter {
private static final String CLIENT_DB = "client_db"; public static final String CLIENT_DB = "client_db";
private String defaultJwksUri;
private JwksClient jwksClient;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
defaultJwksUri = ServiceLocator.getInstance().getConfig().getJwksUri();
jwksClient = ServiceLocator.getInstance().getJwksClient();
}
@Override @Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException { public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req; HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String clientDb = request.getParameter(CLIENT_DB); String clientDb = request.getParameter(CLIENT_DB);
if (clientDb != null) { if (clientDb != null) {
request.getSession().setAttribute(CLIENT_DB, clientDb); request.getSession().setAttribute(CLIENT_DB, clientDb);
String newUrl = defaultJwksUri.replaceAll("\\?client_name=(.*)", "?client_name=" + clientDb);
jwksClient.addJwksUrl(newUrl);
} }
fc.doFilter(req, res); fc.doFilter(req, res);
} }
} }
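Review bot: In `doFilter` the raw `client_db` parameter is spliced into the replacement string of `replaceAll` and the result is registered with the shared `jwksClient`, so any request, authenticated or not, can add a key-set URL that token verification may later trust. The value is neither validated nor encoded: `$` or `\` in it is interpreted as replacement syntax and can throw, and `&` or `#` changes the query that is sent to the JWKS endpoint. I would reject anything that does not match a strict pattern or a configured list of client names before touching the session, and build the URL with `Matcher.quoteReplacement("?client_name=" + clientDb)`. Whether `addJwksUrl` de-duplicates or bounds its list is not visible here; if it does not, distinct values also grow it without limit. The new `response` local is unused.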
package it.inaf.ia2.gms.controller; package it.inaf.ia2.gms.controller;
import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
import it.inaf.ia2.gms.authn.SessionData; import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.exception.UnauthorizedException; import it.inaf.ia2.gms.exception.UnauthorizedException;
import it.inaf.ia2.gms.manager.InvitedRegistrationManager; import it.inaf.ia2.gms.manager.InvitedRegistrationManager;
...@@ -93,8 +94,9 @@ public class HomePageController { ...@@ -93,8 +94,9 @@ public class HomePageController {
@GetMapping(value = "/logout", produces = MediaType.TEXT_HTML_VALUE) @GetMapping(value = "/logout", produces = MediaType.TEXT_HTML_VALUE)
public void logout(HttpSession httpSession, HttpServletResponse response) throws IOException { public void logout(HttpSession httpSession, HttpServletResponse response) throws IOException {
String clientDB = (String) httpSession.getAttribute(CLIENT_DB);
httpSession.invalidate(); httpSession.invalidate();
String baseUrl = ServletUriComponentsBuilder.fromCurrentContextPath().build().toUriString(); String baseUrl = ServletUriComponentsBuilder.fromCurrentContextPath().build().toUriString();
response.sendRedirect(baseUrl); response.sendRedirect(baseUrl + "?client_db=" + clientDB);
} }
} }
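Review bot: `logout` concatenates the session's `client_db` into the redirect URL without a null check or encoding, so a session that never had the attribute redirects to `?client_db=null`, which `ClientDbFilter` then stores and uses as the literal client name `"null"`. Because the stored value originates from an unvalidated request parameter, characters such as `&` or `#` in it also alter the redirect's query string. Building the URL with the builder already in use avoids both: keep the `ServletUriComponentsBuilder`, call `builder.queryParam(CLIENT_DB, clientDB)` only when `clientDB != null`, and redirect to `builder.build().encode().toUriString()`. The rest of `HomePageController` is outside this hunk.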