D-Net

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

  <parent>

    <groupId>eu.dnetlib</groupId>

    <artifactId>dnet45-parent</artifactId>

    <version>1.0.0</version>

  </parent>

  <modelVersion>4.0.0</modelVersion>

  <groupId>eu.dnetlib</groupId>

  <artifactId>uoa-login-core</artifactId>

  <packaging>jar</packaging>

  <version>1.0.1</version>

  <scm>

    <developerConnection>scm:svn:https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-login-core/tags/uoa-login-core-1.0.1</developerConnection>

  </scm>

  <name>uoa-login-core</name>

  <url>http://maven.apache.org</url>

  <dependencies>

    <dependency>

      <groupId>junit</groupId>

      <artifactId>junit</artifactId>

      <version>3.8.1</version>

      <scope>test</scope>

    </dependency>

    <!-- About spring security -->

    <dependency>

      <groupId>org.springframework.security</groupId>

      <artifactId>spring-security-core</artifactId>

      <version>4.2.1.RELEASE</version>

    </dependency>

    <dependency>

      <groupId>org.springframework.security</groupId>

      <artifactId>spring-security-config</artifactId>

      <version>4.2.1.RELEASE</version>

    </dependency>

    <dependency>

      <groupId>org.springframework.security</groupId>

      <artifactId>spring-security-web</artifactId>

      <version>4.2.1.RELEASE</version>

    </dependency>

    <!-- About redis -->

    <dependency>

      <groupId>org.springframework.session</groupId>

      <artifactId>spring-session-data-redis</artifactId>

      <version>1.3.1.RELEASE</version>

      <type>pom</type>

    </dependency>

    <dependency>

      <groupId>biz.paluch.redis</groupId>

      <artifactId>lettuce</artifactId>

      <version>3.5.0.Final</version>

    </dependency>

    <dependency>

      <groupId>javax.servlet</groupId>

      <artifactId>javax.servlet-api</artifactId>

      <version>3.0.1</version>

    </dependency>

    <dependency>

      <groupId>org.mitre</groupId>

      <artifactId>openid-connect-client</artifactId>

      <version>1.3.0</version>

      <exclusions>

        <exclusion>

          <groupId>org.bouncycastle</groupId>

          <artifactId>bcprov-jdk15on</artifactId>

        </exclusion>

      </exclusions>

    </dependency>

    <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->

    <dependency>

      <groupId>org.bouncycastle</groupId>

      <artifactId>bcprov-jdk15on</artifactId>

      <version>1.52</version>

    </dependency>

    <!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->

    <dependency>

      <groupId>io.jsonwebtoken</groupId>

      <artifactId>jjwt</artifactId>

      <version>0.9.1</version>

    </dependency>

  </dependencies>

</project>

package eu.dnetlib.openaire.user.login.utils;

import com.google.gson.JsonArray;

import com.google.gson.JsonElement;

import org.apache.log4j.Logger;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.authority.SimpleGrantedAuthority;

import java.util.*;

import java.util.regex.Matcher;

import java.util.regex.Pattern;

public class AuthoritiesMapper {

    private static final Logger logger = Logger.getLogger(AuthoritiesMapper.class);

    public static Collection<? extends GrantedAuthority> map(JsonArray entitlements) {

        HashSet<SimpleGrantedAuthority> authorities = new HashSet<>();

        //entitlements.add("urn:geant:openaire.eu:group:datasource.opendoar____$$3469:role=member#aai.openaire.eu");

        provideRoles(entitlements, authorities);

        entityRoles(entitlements, authorities);

        return authorities;

    }

    private static void entityRoles(JsonArray entitlements, Set<SimpleGrantedAuthority> authorities) {

        String  regex = "urn:geant:openaire[.]eu:group:([^:]*):?(.*)?:role=member#aai[.]openaire[.]eu";

        for(JsonElement obj: entitlements) {

            Matcher matcher = Pattern.compile(regex).matcher(obj.getAsString());

            if (matcher.find()) {

                StringBuilder sb = new StringBuilder();

                if(matcher.group(1) != null && matcher.group(1).length() > 0) {

                    sb.append(matcher.group(1).replace("+-+", "_").replaceAll("[+.]", "_").toUpperCase());

                }

                if(matcher.group(2).length() > 0) {

                    sb.append("_");

                    if(matcher.group(2).equals("admins")) {

                        sb.append("MANAGER");

                    } else  {

                        sb.append(matcher.group(2).toUpperCase());

                    }

                }

                authorities.add(new SimpleGrantedAuthority(sb.toString()));

            }

        }

    }

    private static void provideRoles(JsonArray entitlements, Set<SimpleGrantedAuthority> authorities) {

        Map<String, String> userRoles = new HashMap(){{

            put("urn:geant:openaire.eu:group:Super+Administrator:role=member#aai.openaire.eu", "ROLE_ADMIN");

            put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator:role=member#aai.openaire.eu","ROLE_PROVIDE_ADMIN");

        }};

        Map<String,SimpleGrantedAuthority> userRolesMap = new HashMap<>();

        userRoles.forEach((openaireRole, appRole) -> userRolesMap.put(openaireRole, new SimpleGrantedAuthority(appRole)));

        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        if(entitlements != null) {

            entitlements.forEach(role -> {

                SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString());

                if (authority != null) {

                    authorities.add(authority);

                }

            });

        }

    }

}

package eu.dnetlib.openaire.user.login.utils;

import org.apache.log4j.Logger;

import org.mitre.openid.connect.model.OIDCAuthenticationToken;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.core.Authentication;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.context.SecurityContext;

import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

import org.springframework.session.ExpiringSession;

import org.springframework.session.FindByIndexNameSessionRepository;

import org.springframework.stereotype.Service;

import java.util.Collection;

import java.util.Map;

@Service

public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository {

    private static final Logger logger = Logger.getLogger(AuthoritiesUpdater.class);

    @Autowired

    FindByIndexNameSessionRepository sessions;

    public void update(String id, Update update) {

        if (sessions != null) {

            Map<String, ExpiringSession> map = sessions.

                    findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, id);

            logger.debug(map.values().toArray().length);

            for (ExpiringSession session : map.values()) {

                logger.debug(session.getId());

                if (!session.isExpired()) {

                    SecurityContext securityContext = session.getAttribute(SPRING_SECURITY_CONTEXT_KEY);

                    Authentication authentication = securityContext.getAuthentication();

                    if (authentication instanceof OIDCAuthenticationToken) {

                        OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;

                        Collection<? extends GrantedAuthority> authorities = update.authorities(authentication.getAuthorities());

                        logger.debug(authorities);

                        securityContext.setAuthentication(new OIDCAuthenticationToken(authOIDC.getSub(), authOIDC.getIssuer(),

                                authOIDC.getUserInfo(), authorities, authOIDC.getIdToken(),

                                authOIDC.getAccessTokenValue(), authOIDC.getRefreshTokenValue()));

                        logger.debug("Update authorities");

                        session.setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext);

                        sessions.save(session);

                    }

                }

            }

        }

    }

    public interface Update {

        Collection<? extends GrantedAuthority> authorities(Collection<? extends GrantedAuthority> old);

    }

}

package eu.dnetlib.openaire.user.login.utils;

import org.springframework.stereotype.Component;

import java.util.*;

public class ScopeReader {

    Set<String> scopes;

    public ScopeReader(String property) {

        if (!property.trim().isEmpty()){

            scopes = new HashSet<String>();

            Collections.addAll(scopes, property.split(","));

        }

    }

    public Set<String> getScopes() {

        return scopes;

    }

    public void setScopes(Set<String> scopes) {

        this.scopes = scopes;

    }

}

package eu.dnetlib.openaire.user.login.utils;

import com.google.gson.JsonObject;

import io.jsonwebtoken.Claims;

import io.jsonwebtoken.Jwts;

import io.jsonwebtoken.SignatureAlgorithm;

import org.apache.log4j.Logger;

import org.mitre.openid.connect.model.OIDCAuthenticationToken;

import org.mitre.openid.connect.model.UserInfo;

import java.io.UnsupportedEncodingException;

import java.net.URLEncoder;

import java.text.ParseException;

import java.util.Date;

public class JWTGenerator {

    private static final Logger logger = Logger.getLogger(JWTGenerator.class);

    /*public static String generateToken(MigrationUser u, String secret) {

        Claims claims = Jwts.claims().setSubject(u.getUsername());

        claims.put("fullname", u.getFullname() + "");

        claims.put("userId", u.getId() + "");

        claims.put("email", u.getEmail() + "");

        claims.put("role", u.getRoleId());

        //expiration

        long nowMillis = System.currentTimeMillis();

        Date now = new Date(nowMillis);

        long ttlMillis = 1800000;

        long expMillis = nowMillis + ttlMillis;

        Date exp = new Date(expMillis);

        return Jwts.builder()

                .setClaims(claims)

                .setExpiration(exp)

                .signWith(SignatureAlgorithm.HS512, secret)

                .compact();

    }*/

    public static String generateToken(OIDCAuthenticationToken authOIDC, String secret) {

        try {

            JsonObject userInfo = authOIDC.getUserInfo().getSource();

            Claims claims = Jwts.claims().setSubject(authOIDC.getUserInfo().getSub());

            claims.put("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8") + "");

            if (authOIDC.getUserInfo().getGivenName() == null){

                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");

                claims.put("firstname", URLEncoder.encode(" ", "UTF-8") + "");

            } else {

                claims.put("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");

            }

            if (authOIDC.getUserInfo().getFamilyName() == null){

                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");

                claims.put("lastname", URLEncoder.encode(" ", "UTF-8") + "");

            } else {

                claims.put("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");

            }

            claims.put("email", authOIDC.getUserInfo().getEmail() + "");

//            if (userInfo.getAsJsonArray("eduPersonScopedAffiliation").toString() != null) {

//                claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + "");

//            }

            if (userInfo.getAsJsonArray("edu_person_entitlements") == null){

                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role");

                claims.put("role", URLEncoder.encode(" ", "UTF-8") + "");

            } else {

                claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");

            }

            //TODO remove, We don't need it but if we are going to use it, we need to check if the user has affiliation

            //claims.put("edu_person_scoped_affiliations", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + "");

            //TODO remove

            //TODO THIS IS TEST

//            claims.put("fullname", URLEncoder.encode("Σοφία Μπαλτζή", "UTF-8") + "");

//            claims.put("firstname", URLEncoder.encode("Σοφία", "UTF-8") + "");

//            claims.put("lastname", URLEncoder.encode("Μπαλτζή", "UTF-8") + "");

//            claims.put("email", "sofie.mpl@gmail.com" + "");

//            claims.put("edu_person_scoped_affiliations", "faculty");

            Date exp = new Date(authOIDC.getIdToken().getJWTClaimsSet().getExpirationTime().getTime());

//            logger.info("expirationTime: "+ exp);

            //TODO DELETE LOGS

//            logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");

//            logger.info("fullName: " + authOIDC.getUserInfo().getName());

//            logger.info("firstName: " + authOIDC.getUserInfo().getGivenName());

//            logger.info("lastName: " + authOIDC.getUserInfo().getFamilyName());

//            logger.info("email: " + authOIDC.getUserInfo().getEmail());

//            //logger.info("Check everything");

//            logger.info("locale: " + authOIDC.getUserInfo().getSource());

//            logger.info("role: " + userInfo.getAsJsonArray("edu_person_entitlements").toString());

//            //logger.info("affiliation: " + userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString());

//            logger.info("expirationTime: " + exp);

//            logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");

                return Jwts.builder()

                        .setClaims(claims)

                        .setExpiration(exp)

                        .signWith(SignatureAlgorithm.HS512, secret)

                        .compact();

        } catch (ParseException e) {

            e.printStackTrace();

            logger.error("JWT Parse Exception from getting Expiration Time ", e);

            return "error";

        } catch (UnsupportedEncodingException e) {

            e.printStackTrace();

            logger.error("UnsupportedEncodingException UTF-8 ", e);

            return "error";

        }

    }

     public static JsonObject generateJsonToken(OIDCAuthenticationToken authOIDC) {

         try {

            JsonObject userInfo = authOIDC.getUserInfo().getSource();

            JsonObject userInfo2 = new JsonObject();

            if (authOIDC.getUserInfo().getSub() == null) {

                logger.info("User doesn't have sub");

                userInfo2.addProperty("sub", "");

            } else {

                userInfo2.addProperty("sub", URLEncoder.encode(authOIDC.getUserInfo().getSub(), "UTF-8"));

            }

            if (authOIDC.getUserInfo().getName() == null) {

                logger.info("User doesn't have fullname");

                userInfo2.addProperty("fullname", "");

            } else {

                userInfo2.addProperty("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8"));

            }

            if (authOIDC.getUserInfo().getGivenName() == null){

                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");

//                userInfo2.addProperty("firstname", URLEncoder.encode(" ", "UTF-8") + "");

                userInfo2.addProperty("firstname", "");

            } else {

                userInfo2.addProperty("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");

            }

            if (authOIDC.getUserInfo().getFamilyName() == null){

                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name");

//                userInfo2.addProperty("lastname", URLEncoder.encode(" ", "UTF-8") + "");

                userInfo2.addProperty("lastname", "");

            } else {

                userInfo2.addProperty("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");

            }

            userInfo2.addProperty("email", authOIDC.getUserInfo().getEmail() + "");

            if (userInfo.getAsJsonArray("edu_person_entitlements") == null){

                logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role");

//                userInfo2.addProperty("role", URLEncoder.encode(" ", "UTF-8") + "");

                userInfo2.addProperty("role", "");

            } else {

                userInfo2.addProperty("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");

            }

            logger.info("UserINFO: " + userInfo2.toString());

            return userInfo2;

        } catch (UnsupportedEncodingException e) {

            e.printStackTrace();

            logger.error("UnsupportedEncodingException UTF-8 ", e);

            JsonObject error = new JsonObject();

            error.addProperty("error", "UnsupportedEncodingException UTF-8 " + e);

            return error;

        }

     }

    //TODO DELETE IF IT IS NOT NECESSARY

    public static String generateAccessToken(OIDCAuthenticationToken authOIDC, String secret) {

        Claims claims = Jwts.claims().setId(authOIDC.getAccessTokenValue());

        //TODO DELETE LOGS

        logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");

        logger.info("access token: " + authOIDC.getAccessTokenValue());

        logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");

        return Jwts.builder()

                .setClaims(claims)

                .signWith(SignatureAlgorithm.HS512, secret)

                .compact();

    }

    public static String generateToken(UserInfo user, String secret) {

        try {

            JsonObject userInfo = user.getSource();

            Claims claims = Jwts.claims().setSubject(user.getSub());

            claims.put("email", user.getEmail() + "");

            claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");

            return Jwts.builder()

                    .setClaims(claims)

                    .signWith(SignatureAlgorithm.HS512, secret)

                    .compact();

        } catch (UnsupportedEncodingException e) {

            e.printStackTrace();

            logger.error("UnsupportedEncodingException UTF-8 ", e);

            return "error";

        }

    }

}

// How to add it manually

//        long nowMillis = System.currentTimeMillis();

//        //This is my token

//        try {

//            String jwt = Jwts.builder()

//                    .setSubject("Argiro")

//                    .setExpiration(new Date(nowMillis+1800000))

//                    .claim("fullname", "Argiro Kokogianaki")

//                    .claim("id", "8")

//                    .claim("email", "argiro@gmail.com")

//                    .claim("role","2")

//                    .signWith(

//                            SignatureAlgorithm.HS512,

//                            "my-very-secret".getBytes("UTF-8")

//                    )

//                    .compact();

package eu.dnetlib.openaire.user.login.handler;

import com.google.gson.Gson;

import com.google.gson.JsonParser;

import eu.dnetlib.openaire.user.login.utils.JWTGenerator;

import org.apache.log4j.Logger;

import org.mitre.openid.connect.model.OIDCAuthenticationToken;

import org.springframework.security.core.Authentication;

import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import org.springframework.session.FindByIndexNameSessionRepository;

import javax.servlet.http.Cookie;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import java.util.Base64;

import java.util.Date;

import java.util.regex.Matcher;

import java.util.regex.Pattern;

/**

 * Created by stefanos on 9/5/2017.

 */

public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    private static final Logger logger = Logger.getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class);

    private String frontEndURI;

    private String frontPath;

    private String frontDomain;

    @Override

    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IllegalArgumentException, IOException  {

        OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;

        request.getSession().setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, authOIDC.getUserInfo().getEmail());

        try {

            Cookie openAIREUser = new Cookie("openAIREUser",  new Gson().toJson(JWTGenerator.generateJsonToken(authOIDC)));

            Cookie accessToken = new Cookie("AccessToken", authOIDC.getAccessTokenValue());

            String regex = "^([A-Za-z0-9-_=]+)\\.([A-Za-z0-9-_=]+)\\.?([A-Za-z0-9-_.+=]*)$";

            Matcher matcher = Pattern.compile(regex).matcher(authOIDC.getAccessTokenValue());

            if (matcher.find()) {

                long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();

                accessToken.setMaxAge((int) (exp - (new Date().getTime()/1000)));

            } else {

                accessToken.setMaxAge(3600);

            }

            openAIREUser.setMaxAge(accessToken.getMaxAge());

            logger.debug("access token: " + authOIDC.getAccessTokenValue());

            logger.debug("refresh token: " + authOIDC.getRefreshTokenValue());

            logger.debug("CREDENTIALS > " + authOIDC.getCredentials());

            logger.debug("Authorities > " + authOIDC.getAuthorities());

            logger.debug("\n\nPrincipals > " + authOIDC.getPrincipal());

            logger.debug("\n\nUser Info > " + authOIDC.getUserInfo());

            logger.debug("\n\nopenAIREUser: " + JWTGenerator.generateJsonToken(authOIDC));

            logger.debug("\n////////////////////////////////////////////////////////////////////////////////////////////////\n");

            accessToken.setPath(frontPath);

            openAIREUser.setPath(frontPath);

            if (frontDomain!=null) {

                accessToken.setDomain(frontDomain);

                openAIREUser.setDomain(frontDomain);

            }

            response.addCookie(accessToken);

            response.addCookie(openAIREUser);

            response.sendRedirect(frontEndURI);

        } catch (IOException e) {

            logger.error("IOException in redirection ", e);

            throw new IOException(e);

        }catch (IllegalArgumentException e) {

            logger.error("IllegalArgumentException in redirection ", e);

            throw new IllegalArgumentException(e);

        }

    }

    public String getFrontEndURI() {

        return frontEndURI;

    }

    public void setFrontEndURI(String frontEndURI) {

        this.frontEndURI = frontEndURI;

    }

    public String getFrontPath() {

        return frontPath;

    }

    public void setFrontPath(String frontPath) {

        this.frontPath = frontPath;

    }

    public String getFrontDomain() {

        return frontDomain;

    }

    public void setFrontDomain(String frontDomain) {

        this.frontDomain = frontDomain;

    }

}

package eu.dnetlib.openaire.user.login.authorization;

import com.google.gson.JsonArray;

import com.nimbusds.jwt.JWT;

import eu.dnetlib.openaire.user.login.utils.AuthoritiesMapper;

import org.apache.log4j.Logger;

import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;

import org.mitre.openid.connect.model.UserInfo;

import org.springframework.context.annotation.ComponentScan;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.stereotype.Component;

import java.util.Collection;

@ComponentScan

@Component

public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper {

    private static final Logger logger = Logger.getLogger(OpenAIREAuthoritiesMapper.class);

    @Override

    public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) {

        logger.info("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size());

        JsonArray entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements");

        return AuthoritiesMapper.map(entitlements);

    }

}

package eu.dnetlib.openaire.user.login.registry.beans;

import org.apache.log4j.Logger;

import org.springframework.beans.factory.annotation.Value;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.context.annotation.PropertySource;

import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;

import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;

import org.springframework.session.web.http.CookieSerializer;

import org.springframework.session.web.http.DefaultCookieSerializer;

/**

 * Created by stefanos on 14/6/2017.

 */

@PropertySource(value = {"classpath:eu/dnetlib/openaire/user/login/springContext-userLoginCore.properties"}, ignoreResourceNotFound=false )

@Configuration

@EnableRedisHttpSession

public class Config {

    private static Logger logger = Logger.getLogger(Config.class);

    @Value("${redis.host:localhost}")

    private String host;

    @Value("${redis.port:6379}")

    private String port;

    @Value("${redis.password:#{null}}")

    private String password;

    @Value("${webbapp.front.domain:.openaire.eu}")

    private String domain;

    @Bean

    public LettuceConnectionFactory connectionFactory() {

        logger.info(String.format("Redis connection listens to %s:%s ",host,port));

        LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port));

        if(password != null) factory.setPassword(password);

        return factory;

    }

    @Bean

    public CookieSerializer cookieSerializer() {

        logger.info("Cookie Serializer: Domain is "+domain);

        DefaultCookieSerializer serializer = new DefaultCookieSerializer();

        serializer.setCookieName("openAIRESession"); // <1>

        serializer.setCookiePath("/"); // <2>

//        serializer.setDomainNamePattern(""); //with value "" set's the domain of the service e.g scoobydoo.di.uoa.gr

        serializer.setDomainName(domain);

        return serializer;

    }

}

oidc.id=767422b9-5461-4807-a80a-f9a2072d3a7d

#oidc.id=b116ed87-ff96-4302-ba4a-1d2dc3207c97

oidc.secret=AMQtGlbTXNjwjhF0st28LmM6V0XypMdaVS7tJmGuYFlmH36iIv4t7tVqYuLYrNPkhnZ_GPUJvhymBhFupdgb6aU

#oidc.secret=MadHwSTcmoPTzxtpbnipfmmCxT09UDiejQf2bIIuUdqPv8i2jZDFT_cI8KHtRGMcYHwYQKbdtO3YCg-6vhF3dw

oidc.issuer = https://openaire-dev.aai-dev.grnet.gr/oidc/

oidc.logout = https://openaire-dev.aai-dev.grnet.gr/proxy/saml2/idp/SingleLogoutService.php?ReturnTo=

#oidc.issuer = https://aai.openaire.eu/oidc/

#oidc.logout = https://aai.openaire.eu/proxy/saml2/idp/SingleLogoutService.php?ReturnTo=

#oidc.home = http://rudie.di.uoa.gr:8080/dnet-login/openid_connect_login

redis.host = 127.0.0.1

#redis.port = 6379

#redis.password

webbapp.front = http://mpagasas.di.uoa.gr:4200/reload

webbapp.front.path = /

webbapp.front.domain = .di.uoa.gr

#webbapp.front = https://admin.explore.openaire.eu/

#webbapp.front = https://connect.openaire.eu/

#webbapp.front.path = /

#webbapp.front.domain = .openaire.eu

#oidc.home = https://services.openaire.eu/connect-user-management/openid_connect_login

scopes=openid,profile,email,eduperson_entitlement

#scopes=openid,profile,email,eduperson_entitlement,offline_access

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xmlns:context="http://www.springframework.org/schema/context"

       xmlns:security="http://www.springframework.org/schema/security"

       xmlns:util="http://www.springframework.org/schema/util"

       xsi:schemaLocation="

		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd

		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd

		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd

		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd"

       default-autowire="byType">

    <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/>

    <!--

      -

      - The authentication filter

      -

      -->

    <bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter">

        <property name="authenticationManager" ref="authenticationManager" />

        <property name="issuerService" ref="staticIssuerService" />

        <property name="serverConfigurationService" ref="staticServerConfigurationService" />

        <property name="clientConfigurationService" ref="staticClientConfigurationService" />

        <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />

        <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />

        <property name="authenticationSuccessHandler" ref="frontEndRedirect"/>

    </bean>

    <!-- The login handler -->

    <bean class="eu.dnetlib.openaire.user.login.handler.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect">

        <property name="frontEndURI" value="${webbapp.front}"/>

        <property name="frontPath" value="${webbapp.front.path}"/>

        <property name="frontDomain" value="${webbapp.front.domain:#{null}}"/>

    </bean>

    <security:http auto-config="false" use-expressions="true"

                   disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"

                   pattern="/**">

        <security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" />

        <security:logout logout-url="/openid_logout" invalidate-session="true" delete-cookies="SESSION"

                         logout-success-url="${oidc.logout}${webbapp.front}"/>

        <security:intercept-url pattern="/personalToken" access="hasAuthority('REGISTERED_USER')"/>

        <security:intercept-url pattern="/serviceToken" access="hasAuthority('REGISTERED_USER')"/>

        <security:intercept-url pattern="/registerService" access="hasAuthority('REGISTERED_USER')"/>

        <security:intercept-url pattern="/editService" access="hasAuthority('REGISTERED_USER')"/>

        <security:intercept-url pattern="/registeredServices" access="hasAuthority('REGISTERED_USER')"/>

        <security:intercept-url pattern="/editRegisteredService" access="hasAuthority('REGISTERED_USER')"/>

        <security:csrf disabled="true"/>

    </security:http>

    <bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/>

    <bean id="webexpressionHandler"

          class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>

    <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" >

        <constructor-arg type="java.lang.String" value="/openid_connect_login"/>

    </bean>

    <security:authentication-manager alias="authenticationManager">

        <security:authentication-provider ref="openIdConnectAuthenticationProvider" />

    </security:authentication-manager>

    <bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider">

        <property name="authoritiesMapper">

            <bean class="eu.dnetlib.openaire.user.login.authorization.OpenAIREAuthoritiesMapper"/>

        </property>

    </bean>

    <util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">

        <!--

            This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER.

            Note that having an administrator role on the IdP doesn't grant administrator access on this client.

            These are values from the demo "openid-connect-server-webapp" project of MITREid Connect.

        -->

        <bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority">

            <constructor-arg name="subject" value="subject_value" />

            <constructor-arg name="issuer" value="${oidc.issuer}" />

        </bean>

    </util:set>

    <!--<bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>-->

    <!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->

        <!--<property name="filterProcessesUrl" value="/logout"/>-->

        <!--<constructor-arg index="0" value="/"/>-->

        <!--<constructor-arg index="1">-->

            <!--<list>-->

                <!--<ref bean="securityContextLogoutHandler"/>-->

                <!--&lt;!&ndash;ref bean="myLogoutHandler"/&ndash;&gt;-->

            <!--</list>-->

        <!--</constructor-arg>-->

    <!--</bean>-->

    <!--<bean class="eu.dnetlib.openaire.user.security.FrontEndLinkURILogoutSuccessHandler" id="frontEndRedirectLogout"/>-->

    <!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">-->

        <!--<property name="filterProcessesUrl" value="/logout"/>-->

        <!--<constructor-arg index="0" value="/"/>-->

        <!--<constructor-arg index="1">-->

            <!--<list>-->

                <!--<ref bean="securityContextLogoutHandler"/>-->

                <!--&lt;!&ndash;ref bean="myLogoutHandler"/&ndash;&gt;-->

            <!--</list>-->

        <!--</constructor-arg>-->

    <!--</bean>-->

    <!--

        Static issuer service, returns the same issuer for every request.

    -->

    <bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">

        <property name="issuer" value="${oidc.issuer}" />

    </bean>

    <!--

        Dynamic server configuration, fetches the server's information using OIDC Discovery.

    -->

    <bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">

        <property name="servers">

            <map>

                <entry key="${oidc.issuer}">

                    <bean class="org.mitre.openid.connect.config.ServerConfiguration">

                        <property name="issuer" value="${oidc.issuer}" />

                        <property name="authorizationEndpointUri"	value="${oidc.issuer}authorize" />

                        <property name="tokenEndpointUri"	value="${oidc.issuer}token" />

                        <property name="userInfoUri" value="${oidc.issuer}userinfo" />

                        <property name="jwksUri" value="${oidc.issuer}jwk" />

                        <property name="revocationEndpointUri" value="${oidc.issuer}revoke" />

                    </bean>

                </entry>

            </map>

        </property>

    </bean>

    <!--

       Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis.

    -->

    <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">

        <property name="clients">

            <map>

                <entry key="${oidc.issuer}">

                    <bean class="org.mitre.oauth2.model.RegisteredClient">

                        <property name="clientId" value="${oidc.id}" />

                        <property name="clientSecret" value="${oidc.secret}" />

                        <property name="scope" value="#{scopeReader.scopes}"/> <!-- now read from properties file via scopeReader -->

                        <property name="tokenEndpointAuthMethod" value="SECRET_BASIC" />

                        <property name="redirectUris">

                            <set>

                                <value>${oidc.home}</value>

                            </set>

                        </property>

                    </bean>

                </entry>

            </map>

        </property>

    </bean>

    <bean class="eu.dnetlib.openaire.user.login.utils.ScopeReader" id="scopeReader">

        <constructor-arg value="${scopes}"/>

    </bean>

    <!--

      -

      -	Auth request options service: returns the optional components of the request

      -

      -->

    <bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService">

        <property name="options">

            <map>

                <!-- Entries in this map are sent as key-value parameters to the auth request -->

                <!--

                <entry key="display" value="page" />

                <entry key="max_age" value="30" />

                <entry key="prompt" value="none" />

                -->

            </map>

        </property>

    </bean>

    <!--

        Plain authorization request builder, puts all options as query parameters on the GET request

    -->

    <bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" />

    <context:component-scan base-package="eu.dnetlib.openaire.user.login.registry.beans" />

    <context:annotation-config></context:annotation-config>

</beans>

package eu.dnetlib;

import junit.framework.Test;

import junit.framework.TestCase;

import junit.framework.TestSuite;

/**

 * Unit test for simple App.

 */

public class AppTest 

    extends TestCase

{

    /**

     * Create the test case

     *

     * @param testName name of the test case

     */

    public AppTest( String testName )

    {

        super( testName );

    }

    /**

     * @return the suite of tests being tested

     */

    public static Test suite()

    {

        return new TestSuite( AppTest.class );

    }

    /**

     * Rigourous Test :-)

     */

    public void testApp()

    {

        assertTrue( true );

    }

}

{

  "type_source": "SVN",

  "goal": "package -U source:jar",

  "url": "http://svn-public.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-login-core/trunk",

  "deploy_repository": "dnet45-snapshots",

  "version": "4",

  "mail": "kiatrop@di.uoa.gr, argirok@di.uoa.gr, k.triantafyllou@di.uoa.gr",

  "deploy_repository_url": "https://maven.d4science.org/nexus/content/repositories/dnet45-snapshots", 

  "name": "uoa-login-core"

}