Revision 59908
Added by Katerina Iatropoulou over 3 years ago
| modules/dnet-openaire-users/trunk/src/main/java/eu/dnetlib/openaire/usermanagement/RegisteredServicesServlet.java | ||
|---|---|---|
| 155 | 155 |
} |
| 156 | 156 |
|
| 157 | 157 |
private boolean reachedMaximumNumberOfServices(List<RegisteredService> registeredServices) {
|
| 158 |
return registeredServices.size() == 5;
|
|
| 158 |
return registeredServices.size() >= 5;
|
|
| 159 | 159 |
} |
| 160 | 160 |
} |
| modules/dnet-openaire-users/trunk/src/main/java/eu/dnetlib/openaire/usermanagement/RegisterServiceServlet.java | ||
|---|---|---|
| 195 | 195 |
|
| 196 | 196 |
if (mode.equals("create")) {
|
| 197 | 197 |
//Careful! Redirects in method |
| 198 |
checkNumberOfRegisteredServices(request, response, authentication); |
|
| 198 |
if (!checkNumberOfRegisteredServices(request, response, authentication)) {
|
|
| 199 |
return; |
|
| 200 |
} |
|
| 199 | 201 |
String serverRequestJSON = null; |
| 200 | 202 |
if(keyType == null) {
|
| 201 | 203 |
serverRequestJSON = createServiceJson(null, name, email); |
| ... | ... | |
| 223 | 225 |
if(registeredService.getKeyType() != null) {
|
| 224 | 226 |
request.getSession().setAttribute("success",
|
| 225 | 227 |
"Your service has been successfully registered!<br>" + |
| 226 |
"<b>Client ID<b>: " + serviceResponse.getClientId()); |
|
| 228 |
"<b>Client ID</b>: " + serviceResponse.getClientId());
|
|
| 227 | 229 |
} else {
|
| 228 | 230 |
request.getSession().setAttribute("success",
|
| 229 | 231 |
"Your service has been successfully registered!<br>" + |
| ... | ... | |
| 256 | 258 |
if (!registeredServicesUtils.isAuthorized(authentication.getSub(), serviceIdInt)) {
|
| 257 | 259 |
request.getSession().setAttribute("message", "You have no permission to edit the service.");
|
| 258 | 260 |
response.sendRedirect("./registeredServices");
|
| 259 |
} |
|
| 260 | 261 |
|
| 261 |
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(serviceIdInt); |
|
| 262 |
if (registeredService != null && registeredService.getClientId() != null) {
|
|
| 263 |
String serverRequestJSON = null; |
|
| 264 |
if (keyType == null) {
|
|
| 265 |
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email); |
|
| 266 |
} else if (keyType.equals("uri")) {
|
|
| 267 |
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwksUri); |
|
| 268 |
} else if (keyType.equals("value")) {
|
|
| 269 |
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwks); |
|
| 270 |
} |
|
| 271 |
if (serverRequestJSON != null) {
|
|
| 272 |
System.out.println("SERVER JSON " + serverRequestJSON);
|
|
| 273 |
HttpResponse resp = tokenUtils.updateService(registeredService.getClientId(), serverRequestJSON, registeredService.getRegistrationAccessToken()); |
|
| 274 |
if (resp.getStatusLine().getStatusCode() == 200) {
|
|
| 275 |
System.out.println("NAME >>>>" + name);
|
|
| 276 |
registeredService.setName(name); |
|
| 262 |
} else {
|
|
| 277 | 263 |
|
| 278 |
System.out.println("Client Id " + registeredService.getClientId());
|
|
| 279 |
try {
|
|
| 280 |
registeredServicesUtils.getRegisteredServiceDao().update(registeredService); |
|
| 281 |
} catch (SQLException sqle) {
|
|
| 282 |
logger.error("Unable to contact db.", sqle);
|
|
| 283 |
request.getSession().setAttribute("message", "Fail to delete the service. Please try again later.");
|
|
| 284 |
response.setContentType("text/html");
|
|
| 285 |
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
|
|
| 286 |
return; |
|
| 264 |
RegisteredService registeredService = registeredServicesUtils.getRegisteredServiceDao().fetchRegisteredServiceById(serviceIdInt); |
|
| 265 |
if (registeredService != null && registeredService.getClientId() != null) {
|
|
| 266 |
String serverRequestJSON = null; |
|
| 267 |
if (keyType == null) {
|
|
| 268 |
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email); |
|
| 269 |
} else if (keyType.equals("uri")) {
|
|
| 270 |
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwksUri); |
|
| 271 |
} else if (keyType.equals("value")) {
|
|
| 272 |
serverRequestJSON = createServiceJson(registeredService.getClientId(), name, email, jwks); |
|
| 273 |
} |
|
| 274 |
if (serverRequestJSON != null) {
|
|
| 275 |
System.out.println("SERVER JSON " + serverRequestJSON);
|
|
| 276 |
HttpResponse resp = tokenUtils.updateService(registeredService.getClientId(), serverRequestJSON, registeredService.getRegistrationAccessToken()); |
|
| 277 |
if (resp.getStatusLine().getStatusCode() == 200) {
|
|
| 278 |
System.out.println("NAME >>>>" + name);
|
|
| 279 |
registeredService.setName(name); |
|
| 280 |
|
|
| 281 |
System.out.println("Client Id " + registeredService.getClientId());
|
|
| 282 |
try {
|
|
| 283 |
registeredServicesUtils.getRegisteredServiceDao().update(registeredService); |
|
| 284 |
} catch (SQLException sqle) {
|
|
| 285 |
logger.error("Unable to contact db.", sqle);
|
|
| 286 |
request.getSession().setAttribute("message", "Fail to delete the service. Please try again later.");
|
|
| 287 |
response.setContentType("text/html");
|
|
| 288 |
request.getRequestDispatcher("./registeredServices.jsp").include(request, response);
|
|
| 289 |
return; |
|
| 290 |
} |
|
| 291 |
request.getSession().setAttribute("success",
|
|
| 292 |
"Your service has been successfully updated!<br>" + |
|
| 293 |
"<b>Client ID</b>: " + registeredService.getClientId()); |
|
| 287 | 294 |
} |
| 288 |
request.getSession().setAttribute("success",
|
|
| 289 |
"Your service has been successfully updated!<br>" + |
|
| 290 |
"<b>Client ID</b>: " + registeredService.getClientId()); |
|
| 295 |
|
|
| 296 |
} else {
|
|
| 297 |
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
|
| 298 |
response.sendRedirect("./registeredServices");
|
|
| 299 |
return; |
|
| 291 | 300 |
} |
| 292 |
|
|
| 293 | 301 |
} else {
|
| 294 |
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
|
| 302 |
logger.error("Service request JSON is null");
|
|
| 303 |
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
|
|
| 295 | 304 |
response.sendRedirect("./registeredServices");
|
| 296 | 305 |
return; |
| 297 | 306 |
} |
| 298 |
} else {
|
|
| 299 |
logger.error("Service request JSON is null");
|
|
| 300 |
request.getSession().setAttribute("message", "There was an error registering your service. Please try again later.");
|
|
| 301 |
response.sendRedirect("./registeredServices");
|
|
| 302 |
return; |
|
| 303 | 307 |
} |
| 304 |
} catch(SQLException sqle){
|
|
| 305 |
logger.error("Unable to access service with id " + serviceId, sqle);
|
|
| 306 |
request.getSession().setAttribute("message", "There was an error accessing your service.");
|
|
| 307 |
response.sendRedirect("./registeredServices");
|
|
| 308 |
} catch(SQLException sqle){
|
|
| 309 |
logger.error("Unable to access service with id " + serviceId, sqle);
|
|
| 310 |
request.getSession().setAttribute("message", "There was an error accessing your service.");
|
|
| 311 |
response.sendRedirect("./registeredServices");
|
|
| 308 | 312 |
|
| 309 |
} catch(NumberFormatException nfe){
|
|
| 310 |
logger.error("Unable to access service with id " + serviceId, nfe);
|
|
| 311 |
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
|
| 312 |
response.sendRedirect("./registeredServices");
|
|
| 313 |
}
|
|
| 313 |
} catch(NumberFormatException nfe){
|
|
| 314 |
logger.error("Unable to access service with id " + serviceId, nfe);
|
|
| 315 |
request.getSession().setAttribute("message", "Service with id " + serviceId + " does not exist.");
|
|
| 316 |
response.sendRedirect("./registeredServices");
|
|
| 317 |
} |
|
| 314 | 318 |
} |
| 315 | 319 |
} |
| 316 | 320 |
|
| ... | ... | |
| 358 | 362 |
return name != null && !name.isEmpty(); |
| 359 | 363 |
} |
| 360 | 364 |
|
| 361 |
private void checkNumberOfRegisteredServices(HttpServletRequest request, HttpServletResponse response, OIDCAuthenticationToken authentication) throws IOException {
|
|
| 365 |
private boolean checkNumberOfRegisteredServices(HttpServletRequest request, HttpServletResponse response, OIDCAuthenticationToken authentication) throws IOException {
|
|
| 362 | 366 |
try {
|
| 363 | 367 |
long numberOfRegisteredServices = |
| 364 | 368 |
registeredServicesUtils.getRegisteredServiceDao().countRegisteredServices(authentication.getSub()); |
| 365 | 369 |
|
| 366 | 370 |
if (numberOfRegisteredServices >= 5) {
|
| 367 | 371 |
response.sendRedirect("./registeredServices"); // The message there already exists.
|
| 372 |
return false; |
|
| 368 | 373 |
} |
| 369 | 374 |
|
| 370 | 375 |
} catch (SQLException sqle) {
|
| 371 | 376 |
logger.error("Unable to count registered services.", sqle);
|
| 372 | 377 |
request.getSession().setAttribute("message", "Unable to contact DB. Please try again later.");
|
| 373 | 378 |
response.sendRedirect("./registeredServices");
|
| 374 |
return; |
|
| 379 |
return false;
|
|
| 375 | 380 |
} |
| 381 |
|
|
| 382 |
return true; |
|
| 376 | 383 |
} |
| 377 | 384 |
|
| 378 | 385 |
private static String createServiceJson(String clientId, String name, String email) {
|
| modules/dnet-openaire-users/trunk/src/main/java/eu/dnetlib/openaire/usermanagement/OverviewServlet.java | ||
|---|---|---|
| 1 | 1 |
package eu.dnetlib.openaire.usermanagement; |
| 2 | 2 |
|
| 3 | 3 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
| 4 |
import org.springframework.security.core.Authentication; |
|
| 4 | 5 |
import org.springframework.security.core.context.SecurityContextHolder; |
| 5 | 6 |
|
| 6 | 7 |
import javax.servlet.ServletException; |
| ... | ... | |
| 19 | 20 |
|
| 20 | 21 |
if (isAuthenticated) {
|
| 21 | 22 |
OIDCAuthenticationToken authentication = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); |
| 23 |
|
|
| 22 | 24 |
StringBuilder name = new StringBuilder().append(authentication.getUserInfo().getGivenName().charAt(0)); |
| 23 | 25 |
name.append(authentication.getUserInfo().getFamilyName().charAt(0)); |
| 24 | 26 |
request.getSession().setAttribute("authenticated", isAuthenticated);
|
| modules/dnet-openaire-users/trunk/src/main/java/eu/dnetlib/openaire/usermanagement/utils/AuthenticationUtils.java | ||
|---|---|---|
| 1 | 1 |
package eu.dnetlib.openaire.usermanagement.utils; |
| 2 | 2 |
|
| 3 | 3 |
import com.google.gson.JsonParser; |
| 4 |
import eu.dnetlib.openaire.usermanagement.api.Test3Service; |
|
| 4 | 5 |
import org.apache.commons.io.IOUtils; |
| 5 | 6 |
import org.apache.http.HttpResponse; |
| 6 | 7 |
import org.apache.http.NameValuePair; |
| ... | ... | |
| 9 | 10 |
import org.apache.http.impl.client.CloseableHttpClient; |
| 10 | 11 |
import org.apache.http.impl.client.HttpClients; |
| 11 | 12 |
import org.apache.http.message.BasicNameValuePair; |
| 13 |
import org.apache.log4j.Logger; |
|
| 12 | 14 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
| 15 |
import org.springframework.beans.factory.annotation.Value; |
|
| 13 | 16 |
|
| 14 | 17 |
import javax.ws.rs.core.MediaType; |
| 15 | 18 |
import javax.ws.rs.core.Response; |
| ... | ... | |
| 24 | 27 |
import java.util.regex.Pattern; |
| 25 | 28 |
|
| 26 | 29 |
public class AuthenticationUtils {
|
| 30 |
|
|
| 31 |
@Value("${oidc.issuer}")
|
|
| 32 |
private String issuer; |
|
| 33 |
|
|
| 34 |
@Value("${oidc.secret}")
|
|
| 35 |
private String secret; |
|
| 36 |
|
|
| 37 |
@Value("${oidc.id}")
|
|
| 38 |
private String id; |
|
| 39 |
|
|
| 40 |
private Logger logger = Logger.getLogger(AuthenticationUtils.class); |
|
| 41 |
|
|
| 27 | 42 |
public static boolean isAuthenticated(OIDCAuthenticationToken authenticationToken) {
|
| 28 | 43 |
if (authenticationToken != null) {
|
| 29 | 44 |
return true; |
| ... | ... | |
| 38 | 53 |
long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();
|
| 39 | 54 |
return (exp - (new Date().getTime()/1000)<=0); |
| 40 | 55 |
} |
| 56 |
|
|
| 57 |
/* |
|
| 58 |
public void refreshAccessToken(String refreshToken) {
|
|
| 59 |
//TODO fix this |
|
| 60 |
if (refreshToken == null || refreshToken.isEmpty()) {
|
|
| 61 |
return; |
|
| 62 |
} |
|
| 63 |
|
|
| 64 |
CloseableHttpClient httpclient = HttpClients.createDefault(); |
|
| 65 |
HttpPost httppost = new HttpPost(issuer+"/token"); |
|
| 66 |
|
|
| 67 |
// Request parameters and other properties. |
|
| 68 |
List<NameValuePair> params = new ArrayList<NameValuePair>(); |
|
| 69 |
params.add(new BasicNameValuePair("client_id", id));
|
|
| 70 |
params.add(new BasicNameValuePair("client_secret", secret));
|
|
| 71 |
params.add(new BasicNameValuePair("grant_type", "refresh_token"));
|
|
| 72 |
params.add(new BasicNameValuePair("refresh_token", refreshToken));
|
|
| 73 |
params.add(new BasicNameValuePair("scope", "openid"));
|
|
| 74 |
|
|
| 75 |
HttpResponse response = null; |
|
| 76 |
|
|
| 77 |
try {
|
|
| 78 |
httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8")); |
|
| 79 |
//Execute and get the response. |
|
| 80 |
response = httpclient.execute(httppost); |
|
| 81 |
org.apache.http.HttpEntity entity = response.getEntity(); |
|
| 82 |
|
|
| 83 |
//TODO fix this |
|
| 84 |
if (response.getStatusLine().getStatusCode() == 401) {
|
|
| 85 |
return; |
|
| 86 |
} |
|
| 87 |
|
|
| 88 |
String serverMessage = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8.name()); |
|
| 89 |
|
|
| 90 |
} catch (UnsupportedEncodingException uee) {
|
|
| 91 |
logger.error(uee); |
|
| 92 |
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(String.format(, 500, "Fail to get access token.", uee.getMessage())) |
|
| 93 |
.type(MediaType.APPLICATION_JSON).build(); |
|
| 94 |
|
|
| 95 |
} catch (IOException ioe) {
|
|
| 96 |
logger.error(ioe); |
|
| 97 |
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(String.format(, 500, "Fail to get access token.", ioe.getMessage())) |
|
| 98 |
.type(MediaType.APPLICATION_JSON).build(); |
|
| 99 |
|
|
| 100 |
} |
|
| 101 |
}*/ |
|
| 41 | 102 |
} |
| modules/dnet-openaire-users/trunk/src/main/webapp/registerService.jsp | ||
|---|---|---|
| 166 | 166 |
<button id="create" type="submit" class="uk-button uk-button-primary" onclick="return validate();"> |
| 167 | 167 |
<c:choose> |
| 168 | 168 |
<c:when test="${not empty param.id}">
|
| 169 |
Edit service
|
|
| 169 |
Update service
|
|
| 170 | 170 |
</c:when> |
| 171 | 171 |
<c:otherwise> |
| 172 | 172 |
Add new service |
Also available in: Unified diff
securing edit delete