Project

General

Profile

« Previous | Next » 

Revision 60130

[Authorization-library | Redis]: Redis integration completed

View differences:

modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/utils/UserInfo.java
1
package eu.dnetlib.uoaauthorizationlibrary.utils;
2

  
3
import java.util.ArrayList;
4
import java.util.List;
5

  
6
public class UserInfo {
7
    String sub;
8
    String name;
9
    String email;
10
    List<String> edu_person_entitlements = new ArrayList<String>();
11
    List<String> roles = new ArrayList<>();
12

  
13
    @Override
14
    public String toString() {
15
        return "UserInfo{" +
16
                "sub='" + sub + '\'' +
17
                "name='" + name + '\'' +
18
                ", email='" + email + '\'' +
19
                ", edu_person_entitlements=" + edu_person_entitlements +
20
                ", roles=" + roles +
21
                '}';
22
    }
23

  
24
    public String getSub() {
25
        return sub;
26
    }
27

  
28
    public void setSub(String sub) {
29
        this.sub = sub;
30
    }
31

  
32
    public String getName() {
33
        return name;
34
    }
35

  
36
    public void setName(String name) {
37
        this.name = name;
38
    }
39

  
40
    public String getEmail() {
41
        return email;
42
    }
43

  
44
    public void setEmail(String email) {
45
        this.email = email;
46
    }
47

  
48
    public List<String> getEdu_person_entitlements() {
49
        return edu_person_entitlements;
50
    }
51

  
52
    public void setEdu_person_entitlements(List<String> edu_person_entitlements) {
53
        this.edu_person_entitlements = edu_person_entitlements;
54
    }
55

  
56
    public List<String> getRoles() {
57
        return roles;
58
    }
59

  
60
    public void setRoles(List<String> roles) {
61
        this.roles = roles;
62
    }
63
}
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/utils/AuthorizationUtils.java
1
package eu.dnetlib.uoaauthorizationlibrary.utils;
2

  
3
import com.google.gson.Gson;
4
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
5
import org.apache.log4j.Logger;
6
import org.springframework.beans.factory.annotation.Autowired;
7
import org.springframework.stereotype.Component;
8

  
9
import javax.servlet.http.Cookie;
10
import javax.servlet.http.HttpServletRequest;
11
import java.io.BufferedReader;
12
import java.io.InputStreamReader;
13
import java.io.StringReader;
14
import java.net.HttpURLConnection;
15
import java.net.URL;
16

  
17
@Component
18
public class AuthorizationUtils {
19
    private final Logger log = Logger.getLogger(this.getClass());
20
    private SecurityConfig securityConfig;
21

  
22
    @Autowired
23
    AuthorizationUtils(SecurityConfig securityConfig) {
24
        this.securityConfig = securityConfig;
25
    }
26

  
27
    public String getToken(HttpServletRequest request) {
28
        return this.getCookie(request, "AccessToken");
29
    }
30

  
31
    public boolean checkCookies(HttpServletRequest request) {
32
        boolean valid = true;
33
        String cookieValue = this.getCookie(request, "AccessToken");
34
        if (cookieValue == null || cookieValue.isEmpty()) {
35
            log.info("no cookie available ");
36
            valid = false;
37
        }
38
        return valid;
39
    }
40

  
41
    private String getCookie(HttpServletRequest request, String cookieName) {
42
        if (request.getCookies() == null) {
43
            return null;
44
        }
45
        for (Cookie c : request.getCookies()) {
46
            if (c.getName().equals(cookieName)) {
47
                return c.getValue();
48
            }
49

  
50
        }
51
        return null;
52
    }
53

  
54
    public UserInfo getUserInfo(String accessToken) {
55
        String url = securityConfig.getUserInfoUrl() + accessToken;
56
        try {
57
            URL obj = new URL(url);
58
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
59
            if (con.getResponseCode() != 200) {
60
                log.debug("User info response code is: " + con.getResponseCode());
61
                return null;
62
            }
63
            BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
64
            StringBuilder response = new StringBuilder();
65
            String inputLine;
66
            while ((inputLine = in.readLine()) != null) {
67
                response.append(inputLine).append("\n");
68
            }
69
            in.close();
70
            return json2UserInfo(response.toString());
71
        } catch (Exception e) {
72
            log.error("An error occured while trying to fetch user info ", e);
73
            return null;
74
        }
75
    }
76

  
77
    private UserInfo json2UserInfo(String json) {
78
        if (json == null) {
79
            return null;
80
        }
81
        BufferedReader br = new BufferedReader(new StringReader(json));
82
        //convert the json string back to object
83
        Gson gson = new Gson();
84
        UserInfo userInfo = null;
85
        try {
86
            userInfo = gson.fromJson(br, UserInfo.class);
87
        } catch (Exception e) {
88
            log.debug("Error in parsing json response. Given json is : " + json, e);
89
            return null;
90
        }
91
        try {
92
            if (userInfo != null && userInfo.getEdu_person_entitlements() != null) {
93
                for (int i = 0; i < userInfo.getEdu_person_entitlements().size(); i++) {
94
                    String role = userInfo.getEdu_person_entitlements().get(i);
95
                    role = role.split(":")[role.split(":").length - 1];
96
                    role = role.replace("+", " ");
97
                    userInfo.getEdu_person_entitlements().set(i, role);
98
                }
99
            }
100
        } catch (Exception e) {
101
            log.debug("Error in parsing  Edu_person_entitlements : ", e);
102
            return null;
103
        }
104
        return userInfo;
105
    }
106

  
107
    public boolean isAuthorized(String token) {
108
        UserInfo userInfo = getUserInfo(token);
109
        if (userInfo != null) {
110
            return true;
111
        } else {
112
            log.debug(" User has no Valid UserInfo");
113
            return false;
114
        }
115

  
116
    }
117
}
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/SecurityConfig.java
1
package eu.dnetlib.uoaauthorizationlibrary.configuration;
2

  
3
import org.springframework.boot.context.properties.ConfigurationProperties;
4

  
5
@ConfigurationProperties("authorization.security")
6
public class SecurityConfig {
7

  
8
    private String userInfoUrl;
9
    private String originServer;
10

  
11
    public String getUserInfoUrl() {
12
        return userInfoUrl;
13
    }
14

  
15
    public void setUserInfoUrl(String userInfoUrl) {
16
        this.userInfoUrl = userInfoUrl;
17
    }
18

  
19
    public String getOriginServer() {
20
        return originServer;
21
    }
22

  
23
    public void setOriginServer(String originServer) {
24
        this.originServer = originServer;
25
    }
26

  
27
}
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/configuration/AuthorizationConfiguration.java
1 1
package eu.dnetlib.uoaauthorizationlibrary.configuration;
2 2

  
3
import org.springframework.boot.context.properties.EnableConfigurationProperties;
4
import org.springframework.context.annotation.*;
3
import org.springframework.context.annotation.ComponentScan;
4
import org.springframework.context.annotation.Configuration;
5 5

  
6 6
@Configuration
7
//@PropertySources({
8
//        @PropertySource("classpath:authorization.properties"),
9
//        @PropertySource(value = "classpath:dnet-override.properties", ignoreResourceNotFound = true)
10
//})
11
@EnableConfigurationProperties({SecurityConfig.class})
12 7
@ComponentScan(basePackages = { "eu.dnetlib.uoaauthorizationlibrary" })
13 8
public class AuthorizationConfiguration { }
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilter.java
1
package eu.dnetlib.uoaauthorizationlibrary.security;
2

  
3
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
4
import org.apache.log4j.Logger;
5
import org.springframework.beans.factory.annotation.Autowired;
6
import org.springframework.http.HttpStatus;
7
import org.springframework.security.core.Authentication;
8
import org.springframework.security.core.context.SecurityContextHolder;
9
import org.springframework.stereotype.Component;
10
import org.springframework.web.filter.GenericFilterBean;
11

  
12
import javax.servlet.*;
13
import javax.servlet.http.HttpServletRequest;
14
import javax.servlet.http.HttpServletResponse;
15
import java.io.IOException;
16

  
17
@Component
18
public class AuthorizationFilter implements Filter {
19

  
20
    private AuthorizationProvider authorizationProvider;
21
    private AuthorizationUtils utils;
22
    private final Logger log = Logger.getLogger(this.getClass());
23

  
24
    @Autowired
25
    AuthorizationFilter(AuthorizationProvider authorizationProvider, AuthorizationUtils utils) {
26
        this.authorizationProvider = authorizationProvider;
27
        this.utils = utils;
28
    }
29

  
30
    @Override
31
    public void init(FilterConfig filterConfig) throws ServletException {
32

  
33
    }
34

  
35
    @Override
36
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException {
37
        HttpServletRequest request = (HttpServletRequest) req;
38
        String token = utils.getToken(request);
39
        if (token != null) {
40
            Authentication auth = authorizationProvider.getAuthentication(token);
41
            if(auth != null) {
42
                SecurityContextHolder.getContext().setAuthentication(auth);
43
            }
44
        }
45
        filterChain.doFilter(req, res);
46
    }
47

  
48
    @Override
49
    public void destroy() {
50

  
51
    }
52
}
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/UserDetailsServiceImpl.java
1
package eu.dnetlib.uoaauthorizationlibrary.security;
2

  
3
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
4
import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;
5
import org.springframework.beans.factory.annotation.Autowired;
6
import org.springframework.security.core.GrantedAuthority;
7
import org.springframework.security.core.authority.SimpleGrantedAuthority;
8
import org.springframework.security.core.userdetails.UserDetails;
9
import org.springframework.security.core.userdetails.UserDetailsService;
10
import org.springframework.security.core.userdetails.UsernameNotFoundException;
11
import org.springframework.stereotype.Service;
12

  
13
import java.util.ArrayList;
14
import java.util.List;
15

  
16
@Service
17
public class UserDetailsServiceImpl implements UserDetailsService {
18

  
19
    private AuthorizationUtils utils;
20

  
21
    @Autowired
22
    public UserDetailsServiceImpl(AuthorizationUtils utils) {
23
        this.utils = utils;
24
    }
25

  
26
    private List<GrantedAuthority> getAuthorities(List<String> roles) {
27
        List<GrantedAuthority> authorities = new ArrayList<>();
28
        for(String role : roles) {
29
            authorities.add(new SimpleGrantedAuthority(role));
30
        }
31
        return authorities;
32
    }
33

  
34
    @Override
35
    public UserDetails loadUserByUsername(String token) throws UsernameNotFoundException {
36
        final UserInfo user = utils.getUserInfo(token);
37

  
38
        if (user == null) {
39
            throw new UsernameNotFoundException("invalid token: " + token);
40
        }
41

  
42
        return org.springframework.security.core.userdetails.User
43
                .withUsername(user.getEmail()).password(user.getSub())
44
                .authorities(getAuthorities(user.getRoles()))
45
                .accountExpired(false)
46
                .accountLocked(false)
47
                .credentialsExpired(false)
48
                .disabled(false)
49
                .build();
50
    }
51

  
52
}
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationFilterConfigurer.java
1
package eu.dnetlib.uoaauthorizationlibrary.security;
2

  
3
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
4
import org.springframework.beans.factory.annotation.Autowired;
5
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
6
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
7
import org.springframework.security.web.DefaultSecurityFilterChain;
8
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
9

  
10
public class AuthorizationFilterConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
11

  
12
    private AuthorizationProvider authorizationProvider;
13
    private AuthorizationUtils utils;
14

  
15
    @Override
16
    public void init(HttpSecurity http) throws Exception {
17
        http.csrf().disable();
18
    }
19

  
20
    @Autowired
21
    public AuthorizationFilterConfigurer(AuthorizationProvider authorizationProvider, AuthorizationUtils utils) {
22
        this.authorizationProvider = authorizationProvider;
23
        this.utils = utils;
24
    }
25

  
26
    @Override
27
    public void configure(HttpSecurity http) throws Exception {
28
        AuthorizationFilter customFilter = new AuthorizationFilter(authorizationProvider, utils);
29
        http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
30
    }
31

  
32
}
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationProvider.java
1
package eu.dnetlib.uoaauthorizationlibrary.security;
2

  
3
import org.springframework.beans.factory.annotation.Autowired;
4
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
5
import org.springframework.security.core.Authentication;
6
import org.springframework.security.core.userdetails.UserDetails;
7
import org.springframework.security.core.userdetails.UsernameNotFoundException;
8
import org.springframework.stereotype.Component;
9

  
10
@Component
11
public class AuthorizationProvider {
12

  
13
    private UserDetailsServiceImpl userDetailsService;
14

  
15
    @Autowired
16
    AuthorizationProvider(UserDetailsServiceImpl userDetailsService) {
17
        this.userDetailsService = userDetailsService;
18
    }
19

  
20
    public Authentication getAuthentication(String token) {
21
        try {
22
            UserDetails userDetails = userDetailsService.loadUserByUsername(token);
23
            return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
24
        } catch (UsernameNotFoundException e) {
25
            return null;
26
        }
27
    }
28
}
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationService.java
1 1
package eu.dnetlib.uoaauthorizationlibrary.security;
2 2

  
3 3
import org.apache.log4j.Logger;
4
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
5
import org.mitre.openid.connect.model.UserInfo;
4 6
import org.springframework.security.core.Authentication;
5 7
import org.springframework.security.core.GrantedAuthority;
6 8
import org.springframework.security.core.context.SecurityContextHolder;
......
14 16
public class AuthorizationService {
15 17
    private final Logger log = Logger.getLogger(this.getClass());
16 18

  
17

  
18
    public final String SUPER_ADMIN = "SUPER_ADMINISTRATOR";
19 19
    public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";
20
    public final String USER_ADMIN = "USER_MANAGER";
21 20
    public final String ANONYMOUS_USER = "ROLE_ANONYMOUS";
22 21

  
23 22
    private String mapType(String type) {
......
73 72

  
74 73
    public String getAaiId() {
75 74
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
76
        if(authentication != null) {
77
            User user = (User) authentication.getPrincipal();
78
            return user.getPassword();
75
        if(authentication instanceof OIDCAuthenticationToken) {
76
            return ((OIDCAuthenticationToken) authentication).getSub();
79 77
        }
80 78
        return null;
81 79
    }
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/WebSecurityConfig.java
1 1
package eu.dnetlib.uoaauthorizationlibrary.security;
2 2

  
3
import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
4
import org.springframework.beans.factory.annotation.Autowired;
5 3
import org.springframework.context.annotation.ComponentScan;
6 4
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
7 5
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
8 6
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
9 7
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
10
import org.springframework.security.config.http.SessionCreationPolicy;
11 8

  
12 9
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
13 10
@EnableWebSecurity
14 11
@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})
15 12
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
16 13

  
17
    private AuthorizationProvider authorizationProvider;
18
    private AuthorizationUtils utils;
19

  
20
    @Autowired
21
    WebSecurityConfig(AuthorizationProvider authorizationProvider, AuthorizationUtils utils) {
22
        this.authorizationProvider = authorizationProvider;
23
        this.utils = utils;
24
    }
25

  
26 14
    @Override
27 15
    protected void configure(HttpSecurity http) throws Exception {
28
        http.apply(new AuthorizationFilterConfigurer(authorizationProvider, utils));
29
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
16
        http.csrf().disable();
30 17
        http.authorizeRequests().anyRequest().permitAll();
31 18
        http.httpBasic().authenticationEntryPoint(new EntryPoint());
32 19
    }
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/CorsConfig.java
1 1
package eu.dnetlib.uoaauthorizationlibrary.security;
2 2

  
3
import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;
4
import org.springframework.beans.factory.annotation.Autowired;
5 3
import org.springframework.context.annotation.Configuration;
6 4
import org.springframework.web.servlet.config.annotation.CorsRegistry;
7 5
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
......
9 7
@Configuration
10 8
public class CorsConfig extends WebMvcConfigurerAdapter {
11 9

  
12
    SecurityConfig securityConfig;
13

  
14
    @Autowired
15
    CorsConfig(SecurityConfig securityConfig) {
16
        this.securityConfig = securityConfig;
17
    }
18

  
19 10
    @Override
20 11
    public void addCorsMappings(CorsRegistry registry) {
21 12
        registry.addMapping("/**")
modules/uoa-authorization-library/branches/redis/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/RedisConfig.java
1
package eu.dnetlib.uoaauthorizationlibrary.security;
2

  
3
import org.apache.log4j.Logger;
4
import org.springframework.beans.factory.annotation.Value;
5
import org.springframework.context.annotation.Bean;
6
import org.springframework.context.annotation.Configuration;
7
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
8
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
9
import org.springframework.session.web.http.CookieSerializer;
10
import org.springframework.session.web.http.DefaultCookieSerializer;
11

  
12
@Configuration
13
@EnableRedisHttpSession
14
public class RedisConfig {
15

  
16
    private static final Logger logger = Logger.getLogger(RedisConfig.class);
17

  
18
    @Value("${redis.host:localhost}")
19
    private String host;
20

  
21
    @Value("${redis.port:6379}")
22
    private String port;
23

  
24
    @Value("${redis.password:#{null}}")
25
    private String password;
26

  
27
    @Value("${webbapp.front.domain:.openaire.eu}")
28
    private String domain;
29

  
30
    @Bean
31
    public LettuceConnectionFactory connectionFactory() {
32
        logger.info(String.format("Redis connection listens to %s:%s ",host,port));
33
        LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));
34
        if(password != null) factory.setPassword(password);
35
        return factory;
36
    }
37

  
38
    @Bean
39
    public CookieSerializer cookieSerializer() {
40
        logger.info("Cookie Serializer: Domain is "+domain);
41
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
42
        serializer.setCookieName("openAIRESession"); // <1>
43
        serializer.setCookiePath("/"); // <2>
44
        serializer.setDomainName(domain);
45
        return serializer;
46
    }
47
}
modules/uoa-authorization-library/branches/redis/pom.xml
40 40
			<artifactId>spring-boot-starter-security</artifactId>
41 41
		</dependency>
42 42
		<dependency>
43
			<groupId>org.springframework.boot</groupId>
44
			<artifactId>spring-boot-starter-data-redis</artifactId>
45
		</dependency>
46
		<dependency>
47
			<groupId>org.springframework.session</groupId>
48
			<artifactId>spring-session-data-redis</artifactId>
49
		</dependency>
50
		<dependency>
51
			<groupId>biz.paluch.redis</groupId>
52
			<artifactId>lettuce</artifactId>
53
			<version>4.3.3.Final</version>
54
		</dependency>
55
		<dependency>
56
			<groupId>org.mitre</groupId>
57
			<artifactId>openid-connect-client</artifactId>
58
			<version>1.3.0</version>
59
			<exclusions>
60
				<exclusion>
61
					<groupId>org.bouncycastle</groupId>
62
					<artifactId>bcprov-jdk15on</artifactId>
63
				</exclusion>
64
			</exclusions>
65
		</dependency>
66
		<dependency>
43 67
			<groupId>com.google.code.gson</groupId>
44 68
			<artifactId>gson</artifactId>
45 69
			<version>2.8.2</version>

Also available in: Unified diff