Revision 59852
Added by Konstantinos Triantafyllou over 3 years ago
| modules/uoa-login-core/trunk/src/main/java/eu/dnetlib/openaire/user/login/utils/AuthoritiesUpdater.java | ||
|---|---|---|
| 1 |
package eu.dnetlib.openaire.user.login.utils; |
|
| 2 |
|
|
| 3 |
import org.apache.log4j.Logger; |
|
| 4 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
|
| 5 |
import org.springframework.beans.factory.annotation.Autowired; |
|
| 6 |
import org.springframework.security.core.Authentication; |
|
| 7 |
import org.springframework.security.core.GrantedAuthority; |
|
| 8 |
import org.springframework.security.core.context.SecurityContext; |
|
| 9 |
import org.springframework.security.web.context.HttpSessionSecurityContextRepository; |
|
| 10 |
import org.springframework.session.ExpiringSession; |
|
| 11 |
import org.springframework.session.FindByIndexNameSessionRepository; |
|
| 12 |
import org.springframework.session.data.redis.RedisOperationsSessionRepository; |
|
| 13 |
import org.springframework.stereotype.Service; |
|
| 14 |
|
|
| 15 |
import java.util.Collection; |
|
| 16 |
import java.util.Map; |
|
| 17 |
|
|
| 18 |
|
|
| 19 |
@Service |
|
| 20 |
public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository {
|
|
| 21 |
|
|
| 22 |
private static final Logger logger = Logger.getLogger(AuthoritiesUpdater.class); |
|
| 23 |
|
|
| 24 |
@Autowired |
|
| 25 |
FindByIndexNameSessionRepository sessions; |
|
| 26 |
|
|
| 27 |
public void update(String id, Update update) {
|
|
| 28 |
if (sessions != null) {
|
|
| 29 |
Map<String, ExpiringSession> map = sessions. |
|
| 30 |
findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, id); |
|
| 31 |
logger.debug(map.values().toArray().length); |
|
| 32 |
for (ExpiringSession session : map.values()) {
|
|
| 33 |
logger.debug(session.getId()); |
|
| 34 |
if (!session.isExpired()) {
|
|
| 35 |
SecurityContext securityContext = session.getAttribute(SPRING_SECURITY_CONTEXT_KEY); |
|
| 36 |
Authentication authentication = securityContext.getAuthentication(); |
|
| 37 |
if (authentication instanceof OIDCAuthenticationToken) {
|
|
| 38 |
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication; |
|
| 39 |
Collection<? extends GrantedAuthority> authorities = update.authorities(authentication.getAuthorities()); |
|
| 40 |
logger.debug(authorities); |
|
| 41 |
securityContext.setAuthentication(new OIDCAuthenticationToken(authOIDC.getSub(), authOIDC.getIssuer(), |
|
| 42 |
authOIDC.getUserInfo(), authorities, authOIDC.getIdToken(), |
|
| 43 |
authOIDC.getAccessTokenValue(), authOIDC.getRefreshTokenValue())); |
|
| 44 |
logger.debug("Update authorities");
|
|
| 45 |
session.setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext); |
|
| 46 |
sessions.save(session); |
|
| 47 |
} |
|
| 48 |
} |
|
| 49 |
} |
|
| 50 |
} |
|
| 51 |
} |
|
| 52 |
|
|
| 53 |
public interface Update {
|
|
| 54 |
public Collection<? extends GrantedAuthority> authorities(Collection<? extends GrantedAuthority> old); |
|
| 55 |
} |
|
| 56 |
} |
|
| modules/uoa-login-core/trunk/src/main/java/eu/dnetlib/openaire/user/login/handler/FrontEndLinkURIAuthenticationSuccessHandler.java | ||
|---|---|---|
| 9 | 9 |
import org.apache.log4j.Logger; |
| 10 | 10 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
| 11 | 11 |
import org.springframework.security.core.Authentication; |
| 12 |
import org.springframework.security.core.context.SecurityContextHolder; |
|
| 12 | 13 |
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; |
| 14 |
import org.springframework.session.FindByIndexNameSessionRepository; |
|
| 15 |
import org.springframework.session.Session; |
|
| 13 | 16 |
|
| 14 | 17 |
import javax.servlet.http.Cookie; |
| 15 | 18 |
import javax.servlet.http.HttpServletRequest; |
| ... | ... | |
| 37 | 40 |
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IllegalArgumentException, IOException {
|
| 38 | 41 |
|
| 39 | 42 |
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication; |
| 40 |
|
|
| 43 |
request.getSession().setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, authOIDC.getUserInfo().getEmail()); |
|
| 41 | 44 |
try {
|
| 42 | 45 |
|
| 43 | 46 |
// Cookie jwt = new Cookie("XCsrfToken", JWTGenerator.generateToken(authOIDC, "my-very-secret"));
|
| modules/uoa-login-core/trunk/src/main/resources/eu/dnetlib/openaire/user/login/springContext-userLoginCore.xml | ||
|---|---|---|
| 69 | 69 |
|
| 70 | 70 |
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider"> |
| 71 | 71 |
<property name="authoritiesMapper"> |
| 72 |
<!--<bean class="org.mitre.openid.connect.client.NamedAdminAuthoritiesMapper"> |
|
| 73 |
<property name="admins" ref="namedAdmins" /> |
|
| 74 |
</bean>--> |
|
| 75 | 72 |
<bean class="eu.dnetlib.openaire.user.login.authorization.OpenAIREAuthoritiesMapper"/> |
| 76 | 73 |
</property> |
| 77 | 74 |
</bean> |
Also available in: Unified diff
[Login-core]: Add Authorities updater