D-Net

package eu.dnetlib.repo.manager.service.utils;

import org.mitre.openid.connect.model.OIDCAuthenticationToken;

import org.springframework.security.core.Authentication;

import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import javax.servlet.ServletException;

import javax.servlet.http.Cookie;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    private String frontEndURI;

    @Override

    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;

        Cookie sessionCookie = new Cookie("currentUser", authOIDC.getSub());

        int expireSec = -1;

        sessionCookie.setMaxAge(expireSec);

        sessionCookie.setPath("/");

        response.addCookie(sessionCookie);

        response.sendRedirect(frontEndURI);

    }

    public String getFrontEndURI() {

        return frontEndURI;

    }

    public void setFrontEndURI(String frontEndURI) {

        this.frontEndURI = frontEndURI;

    }

}

package eu.dnetlib.repo.manager.service.utils;

import org.springframework.beans.factory.annotation.Value;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.ComponentScan;

import org.springframework.context.annotation.Configuration;

import org.springframework.context.annotation.PropertySource;

import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;

import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;

import org.springframework.session.web.http.CookieSerializer;

import org.springframework.session.web.http.DefaultCookieSerializer;

import javax.annotation.PostConstruct;

import java.util.logging.Logger;

@Configuration

@EnableRedisHttpSession

@PropertySource(value = { "classpath:eu/dnetlib/repo/manager/service/application.properties", "classpath:application.properties"} )

@ComponentScan(basePackages = "eu.dnetlib.repo.manager")

public class Config {

    private static Logger LOGGER = Logger.getLogger(String.valueOf(Config.class));

    @Value("${redis.host}")

    private String host;

    @Value("${redis.port:6379}")

    private String port;

    @Value("${redis.password:#{null}}")

    private String password;

    @PostConstruct

    private void init(){

        LOGGER.info(host);

    }

    @Bean

    public LettuceConnectionFactory connectionFactory() {

        LOGGER.info(String.format("Redis connection listens to %s:%s",host,port));

        LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));

        if(password != null) factory.setPassword(password);

        return factory;

    }

    @Bean

    public CookieSerializer cookieSerializer() {

        DefaultCookieSerializer serializer = new DefaultCookieSerializer();

        serializer.setCookieName("SESSION"); // <1>

        serializer.setCookiePath("/"); // <2>

        return serializer;

    }

}

package eu.dnetlib.repo.manager.service.controllers;

import io.swagger.annotations.Api;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestMethod;

import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

@RestController

@RequestMapping(value = "/user")

@Api(description = "User API",  tags = {"user"})

public interface UserApi {

    @RequestMapping(value = "/login" , method = RequestMethod.GET)

    void login(HttpServletRequest req,

               HttpServletResponse resp);

}

package eu.dnetlib.repo.manager.service.controllers;

import org.springframework.beans.factory.annotation.Value;

import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

@Component

public class UserApiImpl implements UserApi {

    private static final org.apache.log4j.Logger LOGGER = org.apache.log4j.Logger

            .getLogger(UserApiImpl.class);

    @Value("${oidc.issuer}")

    private String oidc_issuer;

    @Override

    public void login(HttpServletRequest req,

                      HttpServletResponse resp) {

        LOGGER.debug(oidc_issuer);

        resp.setStatus(HttpServletResponse.SC_FOUND);

        resp.setHeader("Location", oidc_issuer);

    }

}

import io.swagger.annotations.Api;

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xmlns:security="http://www.springframework.org/schema/security"

       xmlns:util="http://www.springframework.org/schema/util" xmlns:task="http://www.springframework.org/schema/task"

       xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"

       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd

		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd

		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.1.xsd

		  http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd"

       default-autowire="byType">

<!--

-->

    <bean id="webexpressionHandler"

          class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>

    <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true"

                                     authentication-manager-ref="authenticationManager"/>

    <security:http auto-config="false" use-expressions="true"

                   disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"

                   pattern="/**">

        <security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />

        <security:logout />

    </security:http>

    <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >

        <constructor-arg type="java.lang.String" value="/openid_connect_login"/>

    </bean>

    <security:authentication-manager alias="authenticationManager">

        <security:authentication-provider ref="openIdConnectAuthenticationProvider" />

    </security:authentication-manager>

    <bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">

        <property name="authoritiesMapper">

            <bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">

                <property name="admins" ref="namedAdmins" />

            </bean>

        </property>

    </bean>

    <util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">

        <!--

            This is an example of how quantity set up a user as an administrator: they'll be given ROLE_ADMIN in addition quantity ROLE_USER.

            Note that having an administrator role on the IdP doesn't grant administrator access on this client.

            These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.

        -->

        <bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">

            <constructor-arg name="subject" value="90342.ASDFJWFA" />

            <constructor-arg name="issuer" value="${oidc.issuer}" />

        </bean>

    </util:set>

    <bean class="eu.dnetlib.repo.manager.service.utils.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">

        <property name="frontEndURI" value="${webapp.front}"/>

    </bean>

    <!--

      -

      - The authentication filter

      -

      -->

    <bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">

        <property name="authenticationManager" ref="authenticationManager" />

        <property name="issuerService" ref="staticIssuerService" />

        <property name="serverConfigurationService" ref="staticServerConfigurationService" />

        <property name="clientConfigurationService" ref="staticClientConfigurationService" />

        <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />

        <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />

        <property name="authenticationSuccessHandler" ref="frontEndRedirect"/>

    </bean>

    <!--

      -

      -	Issuer Services: Determine which identity provider issuer is used.

      -

      -->

    <!--

        Static issuer service, returns the same issuer for every request.

    -->

    <bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">

        <property name="issuer" value="${oidc.issuer}" />

    </bean>

    <bean class="org.mitre.openid.connect.client.service.impl.HybridIssuerService" id="hybridIssuerService">

        <property name="loginPageUrl" value="login" />

        <property name="forceHttps" value="false" /> <!-- this default property forces the webfinger issuer URL quantity be HTTPS, turn off for development work -->

    </bean>

    <!--

		Dynamic server configuration, fetches the server's information using OIDC Discovery.

	-->

    <bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">

        <property name="servers">

            <map>

                <entry key="${oidc.issuer}">

                    <bean class="org.mitre.openid.connect.config.ServerConfiguration">

                        <property name="issuer" value="${oidc.issuer}" />

                        <property name="authorizationEndpointUri"	value="${oidc.issuer}authorize" />

                        <property name="tokenEndpointUri"	value="${oidc.issuer}token" />

                        <property name="userInfoUri" value="${oidc.issuer}userinfo" />

                        <property name="jwksUri" value="${oidc.issuer}jwk" />

                        <property name="revocationEndpointUri" value="${oidc.issuer}revoke" />

                    </bean>

                </entry>

            </map>

        </property>

    </bean>

    <!--

       Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.

   -->

    <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">

        <property name="clients">

            <map>

                <entry key="${oidc.issuer}">

                    <bean class="org.mitre.oauth2.model.RegisteredClient">

                        <property name="clientId" value="${oidc.id}" />

                        <property name="clientSecret" value="${oidc.secret}" />

                        <property name="scope">

                            <set value-type="java.lang.String">

                                <value>openid</value>

                            </set>

                        </property>

                        <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />

                        <property name="redirectUris">

                            <set>

                                <value>${webapp.home}</value>

                            </set>

                        </property>

                    </bean>

                </entry>

            </map>

        </property>

    </bean>

    <!--

	  -

	  -	Auth request options service: returns the optional components of the request

	  -

	  -->

    <bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">

        <property name="options">

            <map>

                <!-- Entries in this map are sent as key-value parameters quantity the auth request -->

                <!--

                <entry key="display" value="page" />

                <entry key="max_age" value="30" />

                <entry key="prompt" value="none" />

                -->

            </map>

        </property>

    </bean>

    <!--

	  -

	  - Authorization URL Builders: create the URL quantity redirect the user quantity for authorization.

	  -

	  -->

    <!--

        Plain authorization request builder, puts all options as query parameters on the GET request

    -->

    <bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />

topic_types.url = https://beta.services.openaire.eu/provision/mvc/vocabularies/dnet:topic_types.json

oidc.issuer = https://aai.openminted.eu/oidc/

oidc.id = 24e83176-1312-4ba3-bc0b-ffeebea1603e

oidc.secret = U_gLOupYu2trYIOwfxGgZkkZoOHG_zGfaViOUsXcZ7qVQuF1rcJeQYKIDX1TY3z27CIoHaqq9ht2rmAiUmBRYQ

webapp.home = http://localhost:8380/repomanager-service/openid_connect_login

webapp.front=http://localhost:8380/

redis.host = 83.212.101.85

#redis.port = 6379

#redis.password

    <filter>

        <filter-name>springSecurityFilterChain</filter-name>

        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

    </filter>

    <filter-mapping>

        <filter-name>springSecurityFilterChain</filter-name>

        <url-pattern>/*</url-pattern>

    </filter-mapping>

    <filter>

        <filter-name>CorsFilter</filter-name>

        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>

        <init-param>

            <param-name>cors.allowed.origins</param-name>

            <param-value>*</param-value>

        </init-param>

        <init-param>

            <param-name>cors.allowed.headers</param-name>

            <param-value>Content-Type,X-Requested-With,accept,authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>

        </init-param>

        <init-param>

            <param-name>cors.allowed.methods</param-name>

            <param-value>GET, POST, PUT, DELETE, OPTIONS, HEAD</param-value>

        </init-param>

    </filter>

    <filter-mapping>

        <filter-name>CorsFilter</filter-name>

        <url-pattern>/*</url-pattern>

    </filter-mapping>

    <filter>

        <filter-name>springSessionRepositoryFilter</filter-name>

        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

    </filter>

    <filter-mapping>

        <filter-name>springSessionRepositoryFilter</filter-name>

        <url-pattern>/*</url-pattern>

        <dispatcher>REQUEST</dispatcher>

        <dispatcher>ERROR</dispatcher>

    </filter-mapping>

    <packaging>war</packaging>

        <dependency>

            <groupId>org.mitre</groupId>

            <artifactId>openid-connect-client</artifactId>

            <version>1.3.0</version>

            <exclusions>

                <exclusion>

                    <groupId>org.slf4j</groupId>

                    <artifactId>jcl-over-slf4j</artifactId>

                </exclusion>

            </exclusions>

        </dependency>

        <dependency>

            <groupId>org.springframework.session</groupId>

            <artifactId>spring-session-data-redis</artifactId>

            <version>1.3.1.RELEASE</version>

            <type>pom</type>

        </dependency>

        <dependency>

            <groupId>biz.paluch.redis</groupId>

            <artifactId>lettuce</artifactId>

            <version>3.5.0.Final</version>

        </dependency>