Project

General

Profile

« Previous | Next » 

Revision 57296

This project contains all the necessary code for the OpenAIRE authentication

View differences:

modules/uoa-login-core/trunk/src/test/java/eu/dnetlib/AppTest.java
1
package eu.dnetlib;
2

  
3
import junit.framework.Test;
4
import junit.framework.TestCase;
5
import junit.framework.TestSuite;
6

  
7
/**
8
 * Unit test for simple App.
9
 */
10
public class AppTest 
11
    extends TestCase
12
{
13
    /**
14
     * Create the test case
15
     *
16
     * @param testName name of the test case
17
     */
18
    public AppTest( String testName )
19
    {
20
        super( testName );
21
    }
22

  
23
    /**
24
     * @return the suite of tests being tested
25
     */
26
    public static Test suite()
27
    {
28
        return new TestSuite( AppTest.class );
29
    }
30

  
31
    /**
32
     * Rigourous Test :-)
33
     */
34
    public void testApp()
35
    {
36
        assertTrue( true );
37
    }
38
}
modules/uoa-login-core/trunk/src/main/java/eu/dnetlib/openaire/user/login/utils/JWTGenerator.java
1
package eu.dnetlib.openaire.user.login.utils;
2

  
3
import com.google.gson.JsonObject;
4
import io.jsonwebtoken.Claims;
5
import io.jsonwebtoken.Jwts;
6
import io.jsonwebtoken.SignatureAlgorithm;
7
import org.apache.log4j.Logger;
8
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
9
import org.mitre.openid.connect.model.UserInfo;
10

  
11
import java.io.UnsupportedEncodingException;
12
import java.net.URLEncoder;
13
import java.text.ParseException;
14
import java.util.Date;
15

  
16
public class JWTGenerator {
17

  
18
    private static final Logger logger = Logger.getLogger(JWTGenerator.class);
19

  
20
    /*public static String generateToken(MigrationUser u, String secret) {
21
        Claims claims = Jwts.claims().setSubject(u.getUsername());
22
        claims.put("fullname", u.getFullname() + "");
23
        claims.put("userId", u.getId() + "");
24
        claims.put("email", u.getEmail() + "");
25
        claims.put("role", u.getRoleId());
26

  
27
        //expiration
28
        long nowMillis = System.currentTimeMillis();
29
        Date now = new Date(nowMillis);
30
        long ttlMillis = 1800000;
31
        long expMillis = nowMillis + ttlMillis;
32
        Date exp = new Date(expMillis);
33

  
34
        return Jwts.builder()
35
                .setClaims(claims)
36
                .setExpiration(exp)
37
                .signWith(SignatureAlgorithm.HS512, secret)
38
                .compact();
39
    }*/
40

  
41
    public static String generateToken(OIDCAuthenticationToken authOIDC, String secret) {
42

  
43
        try {
44

  
45
            JsonObject userInfo = authOIDC.getUserInfo().getSource();
46
            Claims claims = Jwts.claims().setSubject(authOIDC.getUserInfo().getSub());
47
            claims.put("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8") + "");
48

  
49
            if (authOIDC.getUserInfo().getGivenName() == null){
50
                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
51
                claims.put("firstname", URLEncoder.encode(" ", "UTF-8") + "");
52
            } else {
53
                claims.put("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");
54
            }
55
            if (authOIDC.getUserInfo().getFamilyName() == null){
56
                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
57
                claims.put("lastname", URLEncoder.encode(" ", "UTF-8") + "");
58
            } else {
59
                claims.put("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");
60
            }
61

  
62
            claims.put("email", authOIDC.getUserInfo().getEmail() + "");
63

  
64
//            if (userInfo.getAsJsonArray("eduPersonScopedAffiliation").toString() != null) {
65
//                claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + "");
66
//            }
67

  
68
            if (userInfo.getAsJsonArray("edu_person_entitlements") == null){
69
                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role");
70
                claims.put("role", URLEncoder.encode(" ", "UTF-8") + "");
71
            } else {
72
                claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
73
            }
74

  
75
            //TODO remove, We don't need it but if we are going to use it, we need to check if the user has affiliation
76
            //claims.put("edu_person_scoped_affiliations", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + "");
77

  
78
            //TODO remove
79
            //TODO THIS IS TEST
80
//            claims.put("fullname", URLEncoder.encode("Σοφία Μπαλτζή", "UTF-8") + "");
81
//            claims.put("firstname", URLEncoder.encode("Σοφία", "UTF-8") + "");
82
//            claims.put("lastname", URLEncoder.encode("Μπαλτζή", "UTF-8") + "");
83
//            claims.put("email", "sofie.mpl@gmail.com" + "");
84
//            claims.put("edu_person_scoped_affiliations", "faculty");
85

  
86
            Date exp = new Date(authOIDC.getIdToken().getJWTClaimsSet().getExpirationTime().getTime());
87
//            logger.info("expirationTime: "+ exp);
88

  
89
            //TODO DELETE LOGS
90
//            logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
91
//            logger.info("fullName: " + authOIDC.getUserInfo().getName());
92
//            logger.info("firstName: " + authOIDC.getUserInfo().getGivenName());
93
//            logger.info("lastName: " + authOIDC.getUserInfo().getFamilyName());
94
//            logger.info("email: " + authOIDC.getUserInfo().getEmail());
95
//            //logger.info("Check everything");
96
//            logger.info("locale: " + authOIDC.getUserInfo().getSource());
97
//            logger.info("role: " + userInfo.getAsJsonArray("edu_person_entitlements").toString());
98
//            //logger.info("affiliation: " + userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString());
99
//            logger.info("expirationTime: " + exp);
100
//            logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
101

  
102
                return Jwts.builder()
103
                        .setClaims(claims)
104
                        .setExpiration(exp)
105
                        .signWith(SignatureAlgorithm.HS512, secret)
106
                        .compact();
107

  
108
        } catch (ParseException e) {
109
            e.printStackTrace();
110
            logger.error("JWT Parse Exception from getting Expiration Time ", e);
111
            return "error";
112
        } catch (UnsupportedEncodingException e) {
113
            e.printStackTrace();
114
            logger.error("UnsupportedEncodingException UTF-8 ", e);
115
            return "error";
116
        }
117
    }
118

  
119

  
120
     public static JsonObject generateJsonToken(OIDCAuthenticationToken authOIDC) {
121
         try {
122

  
123
            JsonObject userInfo = authOIDC.getUserInfo().getSource();
124
            JsonObject userInfo2 = new JsonObject();
125

  
126
            if (authOIDC.getUserInfo().getSub() == null) {
127
                logger.info("User doesn't have sub");
128
                userInfo2.addProperty("sub", "");
129
            } else {
130
                userInfo2.addProperty("sub", URLEncoder.encode(authOIDC.getUserInfo().getSub(), "UTF-8"));
131
            }
132
            if (authOIDC.getUserInfo().getName() == null) {
133
                logger.info("User doesn't have fullname");
134
                userInfo2.addProperty("fullname", "");
135
            } else {
136
                userInfo2.addProperty("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8"));
137
            }
138
            if (authOIDC.getUserInfo().getGivenName() == null){
139
                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
140
//                userInfo2.addProperty("firstname", URLEncoder.encode(" ", "UTF-8") + "");
141
                userInfo2.addProperty("firstname", "");
142
            } else {
143
                userInfo2.addProperty("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");
144
            }
145
            if (authOIDC.getUserInfo().getFamilyName() == null){
146
                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");
147
//                userInfo2.addProperty("lastname", URLEncoder.encode(" ", "UTF-8") + "");
148
                userInfo2.addProperty("lastname", "");
149
            } else {
150
                userInfo2.addProperty("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");
151
            }
152
            userInfo2.addProperty("email", authOIDC.getUserInfo().getEmail() + "");
153

  
154
            if (userInfo.getAsJsonArray("edu_person_entitlements") == null){
155
                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role");
156
//                userInfo2.addProperty("role", URLEncoder.encode(" ", "UTF-8") + "");
157
                userInfo2.addProperty("role", "");
158
            } else {
159
                userInfo2.addProperty("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
160
            }
161

  
162
            logger.info("UserINFO: " + userInfo2.toString());
163
            return userInfo2;
164

  
165
        } catch (UnsupportedEncodingException e) {
166
            e.printStackTrace();
167
            logger.error("UnsupportedEncodingException UTF-8 ", e);
168
            JsonObject error = new JsonObject();
169
            error.addProperty("error", "UnsupportedEncodingException UTF-8 " + e);
170
            return error;
171
        }
172

  
173
     }
174

  
175
    //TODO DELETE IF IT IS NOT NECESSARY
176
    public static String generateAccessToken(OIDCAuthenticationToken authOIDC, String secret) {
177
        Claims claims = Jwts.claims().setId(authOIDC.getAccessTokenValue());
178

  
179
        //TODO DELETE LOGS
180
        logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
181
        logger.info("access token: " + authOIDC.getAccessTokenValue());
182
        logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
183

  
184
        return Jwts.builder()
185
                .setClaims(claims)
186
                .signWith(SignatureAlgorithm.HS512, secret)
187
                .compact();
188
    }
189

  
190

  
191
    public static String generateToken(UserInfo user, String secret) {
192
        try {
193

  
194
            JsonObject userInfo = user.getSource();
195

  
196
            Claims claims = Jwts.claims().setSubject(user.getSub());
197
            claims.put("email", user.getEmail() + "");
198
            claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
199

  
200
            return Jwts.builder()
201
                    .setClaims(claims)
202
                    .signWith(SignatureAlgorithm.HS512, secret)
203
                    .compact();
204
        } catch (UnsupportedEncodingException e) {
205
            e.printStackTrace();
206
            logger.error("UnsupportedEncodingException UTF-8 ", e);
207
            return "error";
208
        }
209
    }
210

  
211
}
212

  
213

  
214

  
215

  
216
// How to add it manually
217
//        long nowMillis = System.currentTimeMillis();
218
//        //This is my token
219
//        try {
220
//            String jwt = Jwts.builder()
221
//                    .setSubject("Argiro")
222
//                    .setExpiration(new Date(nowMillis+1800000))
223
//                    .claim("fullname", "Argiro Kokogianaki")
224
//                    .claim("id", "8")
225
//                    .claim("email", "argiro@gmail.com")
226
//                    .claim("role","2")
227
//                    .signWith(
228
//                            SignatureAlgorithm.HS512,
229
//                            "my-very-secret".getBytes("UTF-8")
230
//                    )
231
//                    .compact();
modules/uoa-login-core/trunk/src/main/java/eu/dnetlib/openaire/user/login/registry/beans/Config.java
1
package eu.dnetlib.openaire.user.login.registry.beans;
2

  
3
import org.apache.log4j.Logger;
4
import org.springframework.beans.factory.annotation.Value;
5
import org.springframework.context.annotation.Bean;
6
import org.springframework.context.annotation.Configuration;
7
import org.springframework.context.annotation.PropertySource;
8
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
9
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
10
import org.springframework.session.web.http.CookieSerializer;
11
import org.springframework.session.web.http.DefaultCookieSerializer;
12

  
13
/**
14
 * Created by stefanos on 14/6/2017.
15
 */
16
/*
17
@PropertySource(value = { "classpath:eu/dnet/openaire/user/login/redis.properties", "classpath:eu/dnet/openaire/user/login/webapp.properties"} )
18
*/
19
@Configuration
20
@EnableRedisHttpSession
21
public class Config {
22

  
23
    private static Logger logger = Logger.getLogger(Config.class);
24

  
25
    @Value("${redis.host:localhost}")
26
    private String host;
27

  
28
    @Value("${redis.port:6379}")
29
    private String port;
30

  
31
    @Value("${redis.password:#{null}}")
32
    private String password;
33

  
34
    @Value("${webbapp.front.domain:.openaire.eu}")
35
    private String domain;
36

  
37
    @Bean
38
    public LettuceConnectionFactory connectionFactory() {
39
        logger.info(String.format("Redis connection listens to %s:%s ",host,port));
40
        LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));
41
        if(password != null) factory.setPassword(password);
42
        return factory;
43
    }
44

  
45
    @Bean
46
    public CookieSerializer cookieSerializer() {
47
        logger.info("Cookie Serializer: Domain is "+domain);
48
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
49
        serializer.setCookieName("openAIRESession"); // <1>
50
        serializer.setCookiePath("/"); // <2>
51
//        serializer.setDomainNamePattern(""); //with value "" set's the domain of the service e.g scoobydoo.di.uoa.gr
52
        serializer.setDomainName(domain);
53
        return serializer;
54
    }
55
}
modules/uoa-login-core/trunk/src/main/java/eu/dnetlib/openaire/user/login/handler/FrontEndLinkURIAuthenticationSuccessHandler.java
1
package eu.dnetlib.openaire.user.login.handler;
2

  
3
import com.google.gson.Gson;
4
import eu.dnetlib.openaire.user.login.utils.JWTGenerator;
5
import org.apache.log4j.Logger;
6
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
7
import org.springframework.security.core.Authentication;
8
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
9

  
10
import javax.servlet.http.Cookie;
11
import javax.servlet.http.HttpServletRequest;
12
import javax.servlet.http.HttpServletResponse;
13
import java.io.IOException;
14

  
15
/**
16
 * Created by stefanos on 9/5/2017.
17
 */
18
public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
19

  
20
    private static final Logger logger = Logger.getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class);
21

  
22
    private String frontEndURI;
23
    private String frontPath;
24
    private String frontDomain;
25

  
26
    @Override
27
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IllegalArgumentException, IOException   {
28

  
29
        OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
30

  
31
        try {
32

  
33
//            Cookie jwt = new Cookie("XCsrfToken", JWTGenerator.generateToken(authOIDC, "my-very-secret"));
34
            //Cookie openAIREUser = new Cookie("openAIREUser",  new Gson().toJson(JWTGenerator.generateJsonToken(authOIDC)));
35
            Cookie accessToken = new Cookie("AccessToken", authOIDC.getAccessTokenValue());
36

  
37
            // Expire the cookies in four hours (4 * 3600)
38
//            jwt.setMaxAge(14400);
39
           // openAIREUser.setMaxAge(14400);
40
            accessToken.setMaxAge(14400);
41

  
42
            //TODO DELETE LOG
43
            logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
44
//            logger.info("jwt: " + JWTGenerator.generateToken(authOIDC, "my-very-secret"));
45
            logger.info("access token: " + authOIDC.getAccessTokenValue());
46
            logger.info("openAIREUser: " + JWTGenerator.generateJsonToken(authOIDC));
47
            logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
48

  
49
            //TODO DELETE LOG
50
//            logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
51
//            logger.info("refresh token: " + authOIDC.getRefreshTokenValue());
52
//            logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");
53

  
54

  
55
//            jwt.setPath(frontPath);
56
          //  openAIREUser.setPath(frontPath);
57
            accessToken.setPath(frontPath);
58

  
59
            if (frontDomain!=null) {
60
//                jwt.setDomain(frontDomain);
61
            //    openAIREUser.setDomain(frontDomain);
62
                accessToken.setDomain(frontDomain);
63
            }
64

  
65
//            response.addCookie(jwt);
66
 //           response.addCookie(openAIREUser);
67
            response.addCookie(accessToken);
68
            response.sendRedirect(frontEndURI);
69

  
70
        } catch (IOException e) {
71
            logger.error("IOException in redirection ", e);
72
            throw new IOException(e);
73
        }catch (IllegalArgumentException e) {
74
            logger.error("IllegalArgumentException in redirection ", e);
75
            throw new IllegalArgumentException(e);
76
        }
77

  
78
    }
79

  
80
    public String getFrontEndURI() {
81
        return frontEndURI;
82
    }
83

  
84
    public void setFrontEndURI(String frontEndURI) {
85
        this.frontEndURI = frontEndURI;
86
    }
87

  
88
    public String getFrontPath() {
89
        return frontPath;
90
    }
91

  
92
    public void setFrontPath(String frontPath) {
93
        this.frontPath = frontPath;
94
    }
95

  
96
    public String getFrontDomain() {
97
        return frontDomain;
98
    }
99

  
100
    public void setFrontDomain(String frontDomain) {
101
        this.frontDomain = frontDomain;
102
    }
103
}
104

  
105

  
modules/uoa-login-core/trunk/src/main/resources/eu/dnetlib/openaire/user/login/springContext-userLoginCore.properties
1
#oidc.id=767422b9-5461-4807-a80a-f9a2072d3a7d
2
oidc.id=b116ed87-ff96-4302-ba4a-1d2dc3207c97
3

  
4
#oidc.secret=AMQtGlbTXNjwjhF0st28LmM6V0XypMdaVS7tJmGuYFlmH36iIv4t7tVqYuLYrNPkhnZ_GPUJvhymBhFupdgb6aU
5
oidc.secret=MadHwSTcmoPTzxtpbnipfmmCxT09UDiejQf2bIIuUdqPv8i2jZDFT_cI8KHtRGMcYHwYQKbdtO3YCg-6vhF3dw
6

  
7
oidc.issuer = https://aai.openaire.eu/oidc/
8
oidc.home = http://rudie.di.uoa.gr:8080/dnet-login/openid_connect_login
9

  
10
redis.host = 127.0.0.1
11
#redis.port = 6379
12
#redis.password
13

  
14
webbapp.front = http://scoobydoo.di.uoa.gr:4200
15
webbapp.front.path = /
16
webbapp.front.domain = .di.uoa.gr
modules/uoa-login-core/trunk/src/main/resources/eu/dnetlib/openaire/user/login/springContext-userLoginCore.xml
1
<?xml version="1.0" encoding="UTF-8"?>
2

  
3
<beans xmlns="http://www.springframework.org/schema/beans"
4
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5
       xmlns:context="http://www.springframework.org/schema/context"
6
       xmlns:security="http://www.springframework.org/schema/security"
7
       xmlns:util="http://www.springframework.org/schema/util"
8
       xsi:schemaLocation="
9
		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
10
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
11
		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd
12
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd"
13
       default-autowire="byType">
14

  
15

  
16
    <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>
17

  
18
    <!--
19
      -
20
      - The authentication filter
21
      -
22
      -->
23
    <bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">
24
        <property name="authenticationManager" ref="authenticationManager" />
25
        <property name="issuerService" ref="staticIssuerService" />
26
        <property name="serverConfigurationService" ref="staticServerConfigurationService" />
27
        <property name="clientConfigurationService" ref="staticClientConfigurationService" />
28
        <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
29
        <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
30
        <property name="authenticationSuccessHandler" ref="frontEndRedirect"/>
31

  
32
    </bean>
33

  
34
    <!-- The login handler -->
35
    <bean class="eu.dnetlib.openaire.user.login.handler.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">
36
        <property name="frontEndURI" value="${webbapp.front}"/>
37
        <property name="frontPath" value="${webbapp.front.path}"/>
38
        <property name="frontDomain" value="${webbapp.front.domain:#{null}}"/>
39
    </bean>
40

  
41

  
42
    <security:http auto-config="false" use-expressions="true"
43
                   disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
44
                   pattern="/**">
45
        <security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />
46
        <security:logout logout-url="/openid_logout" invalidate-session="true"/>
47
    </security:http>
48

  
49
    <bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/>
50

  
51
    <bean id="webexpressionHandler"
52
          class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
53

  
54
    <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >
55
        <constructor-arg type="java.lang.String" value="/openid_connect_login"/>
56
    </bean>
57

  
58
    <security:authentication-manager alias="authenticationManager">
59
        <security:authentication-provider ref="openIdConnectAuthenticationProvider" />
60
    </security:authentication-manager>
61

  
62
    <bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">
63
        <property name="authoritiesMapper">
64
            <bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper">
65
                <property name="admins" ref="namedAdmins" />
66
            </bean>
67
        </property>
68
    </bean>
69

  
70
    <util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
71
        <!--
72
            This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER.
73
            Note that having an administrator role on the IdP doesn't grant administrator access on this client.
74

  
75
            These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.
76
        -->
77
        <bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">
78
            <constructor-arg name="subject" value="subject_value" />
79
            <constructor-arg name="issuer" value="${oidc.issuer}" />
80
        </bean>
81
    </util:set>
82

  
83

  
84
    <!--<bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>-->
85
    <!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
86
        <!--<property name="filterProcessesUrl" value="/logout"/>-->
87
        <!--<constructor-arg index="0" value="/"/>-->
88
        <!--<constructor-arg index="1">-->
89
            <!--<list>-->
90
                <!--<ref bean="securityContextLogoutHandler"/>-->
91
                <!--&lt;!&ndash;ref bean="myLogoutHandler"/&ndash;&gt;-->
92
            <!--</list>-->
93
        <!--</constructor-arg>-->
94
    <!--</bean>-->
95

  
96
    <!--<bean class="eu.dnetlib.openaire.user.security.FrontEndLinkURILogoutSuccessHandler" id="frontEndRedirectLogout"/>-->
97

  
98
    <!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->
99
        <!--<property name="filterProcessesUrl" value="/logout"/>-->
100
        <!--<constructor-arg index="0" value="/"/>-->
101
        <!--<constructor-arg index="1">-->
102
            <!--<list>-->
103
                <!--<ref bean="securityContextLogoutHandler"/>-->
104
                <!--&lt;!&ndash;ref bean="myLogoutHandler"/&ndash;&gt;-->
105
            <!--</list>-->
106
        <!--</constructor-arg>-->
107
    <!--</bean>-->
108

  
109
    <!--
110
        Static issuer service, returns the same issuer for every request.
111
    -->
112
    <bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
113
        <property name="issuer" value="${oidc.issuer}" />
114
    </bean>
115

  
116
    <!--
117
        Dynamic server configuration, fetches the server's information using OIDC Discovery.
118
    -->
119
    <bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
120
        <property name="servers">
121
            <map>
122
                <entry key="${oidc.issuer}">
123
                    <bean class="org.mitre.openid.connect.config.ServerConfiguration">
124
                        <property name="issuer" value="${oidc.issuer}" />
125
                        <property name="authorizationEndpointUri"	value="${oidc.issuer}authorize" />
126
                        <property name="tokenEndpointUri"	value="${oidc.issuer}token" />
127
                        <property name="userInfoUri" value="${oidc.issuer}userinfo" />
128
                        <property name="jwksUri" value="${oidc.issuer}jwk" />
129
                        <property name="revocationEndpointUri" value="${oidc.issuer}revoke" />
130
                    </bean>
131
                </entry>
132
            </map>
133
        </property>
134
    </bean>
135

  
136

  
137
    <!--
138
       Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.
139

  
140
    -->
141

  
142
    <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
143
        <property name="clients">
144
            <map>
145
                <entry key="${oidc.issuer}">
146
                    <bean class="org.mitre.oauth2.model.RegisteredClient">
147
                        <property name="clientId" value="${oidc.id}" />
148
                        <property name="clientSecret" value="${oidc.secret}" />
149
                        <property name="scope">
150
                            <set value-type="java.lang.String">
151
                                <value>openid</value>
152
                            </set>
153
                        </property>
154
                        <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />
155
                        <property name="redirectUris">
156
                            <set>
157
                                <value>${oidc.home}</value>
158
                            </set>
159
                        </property>
160
                    </bean>
161
                </entry>
162
            </map>
163
        </property>
164
    </bean>
165

  
166
    <!--
167
      -
168
      -	Auth request options service: returns the optional components of the request
169
      -
170
      -->
171
    <bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">
172
        <property name="options">
173
            <map>
174
                <!-- Entries in this map are sent as key-value parameters to the auth request -->
175
                <!--
176
                <entry key="display" value="page" />
177
                <entry key="max_age" value="30" />
178
                <entry key="prompt" value="none" />
179
                -->
180
            </map>
181
        </property>
182
    </bean>
183

  
184
    <!--
185
        Plain authorization request builder, puts all options as query parameters on the GET request
186
    -->
187
    <bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />
188

  
189
    <bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>
190
    <bean class="org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory"/>
191

  
192
    <context:component-scan base-package="eu.dnetlib.openaire.usermanagement.registry.beans" />
193
    <context:annotation-config></context:annotation-config>
194

  
195
</beans>
modules/uoa-login-core/trunk/pom.xml
1
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
2
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
3
  <parent>
4
    <groupId>eu.dnetlib</groupId>
5
    <artifactId>dnet45-parent</artifactId>
6
    <version>1.0.0</version>
7
  </parent>
8
  <modelVersion>4.0.0</modelVersion>
9
  <groupId>eu.dnetlib</groupId>
10
  <artifactId>uoa-login-core</artifactId>
11
  <packaging>jar</packaging>
12
  <version>1.0-SNAPSHOT</version>
13
  <name>uoa-login-core</name>
14
  <url>http://maven.apache.org</url>
15

  
16
  <dependencies>
17
    <dependency>
18
      <groupId>junit</groupId>
19
      <artifactId>junit</artifactId>
20
      <version>3.8.1</version>
21
      <scope>test</scope>
22
    </dependency>
23

  
24
    <!-- About spring security -->
25
    <dependency>
26
      <groupId>org.springframework.security</groupId>
27
      <artifactId>spring-security-core</artifactId>
28
      <version>4.2.1.RELEASE</version>
29
    </dependency>
30
    <dependency>
31
      <groupId>org.springframework.security</groupId>
32
      <artifactId>spring-security-config</artifactId>
33
      <version>4.2.1.RELEASE</version>
34
    </dependency>
35
    <dependency>
36
      <groupId>org.springframework.security</groupId>
37
      <artifactId>spring-security-web</artifactId>
38
      <version>4.2.1.RELEASE</version>
39
    </dependency>
40

  
41
    <!-- About redis -->
42
    <dependency>
43
      <groupId>org.springframework.session</groupId>
44
      <artifactId>spring-session-data-redis</artifactId>
45
      <version>1.3.1.RELEASE</version>
46
      <type>pom</type>
47
    </dependency>
48
    <dependency>
49
      <groupId>biz.paluch.redis</groupId>
50
      <artifactId>lettuce</artifactId>
51
      <version>3.5.0.Final</version>
52
    </dependency>
53

  
54
    <dependency>
55
      <groupId>javax.servlet</groupId>
56
      <artifactId>javax.servlet-api</artifactId>
57
      <version>3.0.1</version>
58
    </dependency>
59

  
60
    <dependency>
61
      <groupId>org.mitre</groupId>
62
      <artifactId>openid-connect-client</artifactId>
63
      <version>1.3.0</version>
64
      <exclusions>
65
        <exclusion>
66
          <groupId>org.bouncycastle</groupId>
67
          <artifactId>bcprov-jdk15on</artifactId>
68
        </exclusion>
69
      </exclusions>
70
    </dependency>
71

  
72
    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
73
    <dependency>
74
      <groupId>org.bouncycastle</groupId>
75
      <artifactId>bcprov-jdk15on</artifactId>
76
      <version>1.52</version>
77
    </dependency>
78

  
79
    <!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->
80
    <dependency>
81
      <groupId>io.jsonwebtoken</groupId>
82
      <artifactId>jjwt</artifactId>
83
      <version>0.9.1</version>
84
    </dependency>
85

  
86
  </dependencies>
87

  
88
</project>

Also available in: Unified diff