Revision 61171
Added by Konstantinos Triantafyllou almost 3 years ago
modules/uoa-login-core/tags/uoa-login-core-1.0.1/pom.xml | ||
---|---|---|
1 |
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> |
|
2 |
<parent> |
|
3 |
<groupId>eu.dnetlib</groupId> |
|
4 |
<artifactId>dnet45-parent</artifactId> |
|
5 |
<version>1.0.0</version> |
|
6 |
</parent> |
|
7 |
<modelVersion>4.0.0</modelVersion> |
|
8 |
<groupId>eu.dnetlib</groupId> |
|
9 |
<artifactId>uoa-login-core</artifactId> |
|
10 |
<packaging>jar</packaging> |
|
11 |
<version>1.0.1</version> |
|
12 |
<scm> |
|
13 |
<developerConnection>scm:svn:https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-login-core/tags/uoa-login-core-1.0.1</developerConnection> |
|
14 |
</scm> |
|
15 |
<name>uoa-login-core</name> |
|
16 |
<url>http://maven.apache.org</url> |
|
17 |
|
|
18 |
<dependencies> |
|
19 |
<dependency> |
|
20 |
<groupId>junit</groupId> |
|
21 |
<artifactId>junit</artifactId> |
|
22 |
<version>3.8.1</version> |
|
23 |
<scope>test</scope> |
|
24 |
</dependency> |
|
25 |
|
|
26 |
<!-- About spring security --> |
|
27 |
<dependency> |
|
28 |
<groupId>org.springframework.security</groupId> |
|
29 |
<artifactId>spring-security-core</artifactId> |
|
30 |
<version>4.2.1.RELEASE</version> |
|
31 |
</dependency> |
|
32 |
<dependency> |
|
33 |
<groupId>org.springframework.security</groupId> |
|
34 |
<artifactId>spring-security-config</artifactId> |
|
35 |
<version>4.2.1.RELEASE</version> |
|
36 |
</dependency> |
|
37 |
<dependency> |
|
38 |
<groupId>org.springframework.security</groupId> |
|
39 |
<artifactId>spring-security-web</artifactId> |
|
40 |
<version>4.2.1.RELEASE</version> |
|
41 |
</dependency> |
|
42 |
|
|
43 |
<!-- About redis --> |
|
44 |
<dependency> |
|
45 |
<groupId>org.springframework.session</groupId> |
|
46 |
<artifactId>spring-session-data-redis</artifactId> |
|
47 |
<version>1.3.1.RELEASE</version> |
|
48 |
<type>pom</type> |
|
49 |
</dependency> |
|
50 |
<dependency> |
|
51 |
<groupId>biz.paluch.redis</groupId> |
|
52 |
<artifactId>lettuce</artifactId> |
|
53 |
<version>3.5.0.Final</version> |
|
54 |
</dependency> |
|
55 |
|
|
56 |
<dependency> |
|
57 |
<groupId>javax.servlet</groupId> |
|
58 |
<artifactId>javax.servlet-api</artifactId> |
|
59 |
<version>3.0.1</version> |
|
60 |
</dependency> |
|
61 |
|
|
62 |
<dependency> |
|
63 |
<groupId>org.mitre</groupId> |
|
64 |
<artifactId>openid-connect-client</artifactId> |
|
65 |
<version>1.3.0</version> |
|
66 |
<exclusions> |
|
67 |
<exclusion> |
|
68 |
<groupId>org.bouncycastle</groupId> |
|
69 |
<artifactId>bcprov-jdk15on</artifactId> |
|
70 |
</exclusion> |
|
71 |
</exclusions> |
|
72 |
</dependency> |
|
73 |
|
|
74 |
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on --> |
|
75 |
<dependency> |
|
76 |
<groupId>org.bouncycastle</groupId> |
|
77 |
<artifactId>bcprov-jdk15on</artifactId> |
|
78 |
<version>1.52</version> |
|
79 |
</dependency> |
|
80 |
|
|
81 |
<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt --> |
|
82 |
<dependency> |
|
83 |
<groupId>io.jsonwebtoken</groupId> |
|
84 |
<artifactId>jjwt</artifactId> |
|
85 |
<version>0.9.1</version> |
|
86 |
</dependency> |
|
87 |
|
|
88 |
</dependencies> |
|
89 |
|
|
90 |
</project> |
modules/uoa-login-core/tags/uoa-login-core-1.0.1/src/main/java/eu/dnetlib/openaire/user/login/utils/AuthoritiesMapper.java | ||
---|---|---|
1 |
package eu.dnetlib.openaire.user.login.utils; |
|
2 |
|
|
3 |
import com.google.gson.JsonArray; |
|
4 |
import com.google.gson.JsonElement; |
|
5 |
import org.apache.log4j.Logger; |
|
6 |
import org.springframework.security.core.GrantedAuthority; |
|
7 |
import org.springframework.security.core.authority.SimpleGrantedAuthority; |
|
8 |
|
|
9 |
import java.util.*; |
|
10 |
import java.util.regex.Matcher; |
|
11 |
import java.util.regex.Pattern; |
|
12 |
|
|
13 |
public class AuthoritiesMapper { |
|
14 |
|
|
15 |
private static final Logger logger = Logger.getLogger(AuthoritiesMapper.class); |
|
16 |
|
|
17 |
public static Collection<? extends GrantedAuthority> map(JsonArray entitlements) { |
|
18 |
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>(); |
|
19 |
//entitlements.add("urn:geant:openaire.eu:group:datasource.opendoar____$$3469:role=member#aai.openaire.eu"); |
|
20 |
provideRoles(entitlements, authorities); |
|
21 |
entityRoles(entitlements, authorities); |
|
22 |
return authorities; |
|
23 |
} |
|
24 |
|
|
25 |
private static void entityRoles(JsonArray entitlements, Set<SimpleGrantedAuthority> authorities) { |
|
26 |
String regex = "urn:geant:openaire[.]eu:group:([^:]*):?(.*)?:role=member#aai[.]openaire[.]eu"; |
|
27 |
for(JsonElement obj: entitlements) { |
|
28 |
Matcher matcher = Pattern.compile(regex).matcher(obj.getAsString()); |
|
29 |
if (matcher.find()) { |
|
30 |
StringBuilder sb = new StringBuilder(); |
|
31 |
if(matcher.group(1) != null && matcher.group(1).length() > 0) { |
|
32 |
sb.append(matcher.group(1).replace("+-+", "_").replaceAll("[+.]", "_").toUpperCase()); |
|
33 |
} |
|
34 |
if(matcher.group(2).length() > 0) { |
|
35 |
sb.append("_"); |
|
36 |
if(matcher.group(2).equals("admins")) { |
|
37 |
sb.append("MANAGER"); |
|
38 |
} else { |
|
39 |
sb.append(matcher.group(2).toUpperCase()); |
|
40 |
} |
|
41 |
} |
|
42 |
authorities.add(new SimpleGrantedAuthority(sb.toString())); |
|
43 |
} |
|
44 |
} |
|
45 |
} |
|
46 |
|
|
47 |
private static void provideRoles(JsonArray entitlements, Set<SimpleGrantedAuthority> authorities) { |
|
48 |
Map<String, String> userRoles = new HashMap(){{ |
|
49 |
put("urn:geant:openaire.eu:group:Super+Administrator:role=member#aai.openaire.eu", "ROLE_ADMIN"); |
|
50 |
put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator:role=member#aai.openaire.eu","ROLE_PROVIDE_ADMIN"); |
|
51 |
}}; |
|
52 |
Map<String,SimpleGrantedAuthority> userRolesMap = new HashMap<>(); |
|
53 |
userRoles.forEach((openaireRole, appRole) -> userRolesMap.put(openaireRole, new SimpleGrantedAuthority(appRole))); |
|
54 |
authorities.add(new SimpleGrantedAuthority("ROLE_USER")); |
|
55 |
if(entitlements != null) { |
|
56 |
entitlements.forEach(role -> { |
|
57 |
SimpleGrantedAuthority authority = userRolesMap.get(role.getAsString()); |
|
58 |
if (authority != null) { |
|
59 |
authorities.add(authority); |
|
60 |
} |
|
61 |
}); |
|
62 |
} |
|
63 |
} |
|
64 |
} |
modules/uoa-login-core/tags/uoa-login-core-1.0.1/src/main/java/eu/dnetlib/openaire/user/login/utils/AuthoritiesUpdater.java | ||
---|---|---|
1 |
package eu.dnetlib.openaire.user.login.utils; |
|
2 |
|
|
3 |
import org.apache.log4j.Logger; |
|
4 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
|
5 |
import org.springframework.beans.factory.annotation.Autowired; |
|
6 |
import org.springframework.security.core.Authentication; |
|
7 |
import org.springframework.security.core.GrantedAuthority; |
|
8 |
import org.springframework.security.core.context.SecurityContext; |
|
9 |
import org.springframework.security.web.context.HttpSessionSecurityContextRepository; |
|
10 |
import org.springframework.session.ExpiringSession; |
|
11 |
import org.springframework.session.FindByIndexNameSessionRepository; |
|
12 |
import org.springframework.stereotype.Service; |
|
13 |
|
|
14 |
import java.util.Collection; |
|
15 |
import java.util.Map; |
|
16 |
|
|
17 |
|
|
18 |
@Service |
|
19 |
public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository { |
|
20 |
|
|
21 |
private static final Logger logger = Logger.getLogger(AuthoritiesUpdater.class); |
|
22 |
|
|
23 |
@Autowired |
|
24 |
FindByIndexNameSessionRepository sessions; |
|
25 |
|
|
26 |
public void update(String id, Update update) { |
|
27 |
if (sessions != null) { |
|
28 |
Map<String, ExpiringSession> map = sessions. |
|
29 |
findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, id); |
|
30 |
logger.debug(map.values().toArray().length); |
|
31 |
for (ExpiringSession session : map.values()) { |
|
32 |
logger.debug(session.getId()); |
|
33 |
if (!session.isExpired()) { |
|
34 |
SecurityContext securityContext = session.getAttribute(SPRING_SECURITY_CONTEXT_KEY); |
|
35 |
Authentication authentication = securityContext.getAuthentication(); |
|
36 |
if (authentication instanceof OIDCAuthenticationToken) { |
|
37 |
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication; |
|
38 |
Collection<? extends GrantedAuthority> authorities = update.authorities(authentication.getAuthorities()); |
|
39 |
logger.debug(authorities); |
|
40 |
securityContext.setAuthentication(new OIDCAuthenticationToken(authOIDC.getSub(), authOIDC.getIssuer(), |
|
41 |
authOIDC.getUserInfo(), authorities, authOIDC.getIdToken(), |
|
42 |
authOIDC.getAccessTokenValue(), authOIDC.getRefreshTokenValue())); |
|
43 |
logger.debug("Update authorities"); |
|
44 |
session.setAttribute(SPRING_SECURITY_CONTEXT_KEY, securityContext); |
|
45 |
sessions.save(session); |
|
46 |
} |
|
47 |
} |
|
48 |
} |
|
49 |
} |
|
50 |
} |
|
51 |
|
|
52 |
public interface Update { |
|
53 |
Collection<? extends GrantedAuthority> authorities(Collection<? extends GrantedAuthority> old); |
|
54 |
} |
|
55 |
} |
modules/uoa-login-core/tags/uoa-login-core-1.0.1/src/main/java/eu/dnetlib/openaire/user/login/utils/ScopeReader.java | ||
---|---|---|
1 |
package eu.dnetlib.openaire.user.login.utils; |
|
2 |
|
|
3 |
import org.springframework.stereotype.Component; |
|
4 |
|
|
5 |
import java.util.*; |
|
6 |
|
|
7 |
public class ScopeReader { |
|
8 |
|
|
9 |
Set<String> scopes; |
|
10 |
|
|
11 |
public ScopeReader(String property) { |
|
12 |
if (!property.trim().isEmpty()){ |
|
13 |
scopes = new HashSet<String>(); |
|
14 |
Collections.addAll(scopes, property.split(",")); |
|
15 |
} |
|
16 |
} |
|
17 |
|
|
18 |
public Set<String> getScopes() { |
|
19 |
return scopes; |
|
20 |
} |
|
21 |
|
|
22 |
public void setScopes(Set<String> scopes) { |
|
23 |
this.scopes = scopes; |
|
24 |
} |
|
25 |
} |
modules/uoa-login-core/tags/uoa-login-core-1.0.1/src/main/java/eu/dnetlib/openaire/user/login/utils/JWTGenerator.java | ||
---|---|---|
1 |
package eu.dnetlib.openaire.user.login.utils; |
|
2 |
|
|
3 |
import com.google.gson.JsonObject; |
|
4 |
import io.jsonwebtoken.Claims; |
|
5 |
import io.jsonwebtoken.Jwts; |
|
6 |
import io.jsonwebtoken.SignatureAlgorithm; |
|
7 |
import org.apache.log4j.Logger; |
|
8 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
|
9 |
import org.mitre.openid.connect.model.UserInfo; |
|
10 |
|
|
11 |
import java.io.UnsupportedEncodingException; |
|
12 |
import java.net.URLEncoder; |
|
13 |
import java.text.ParseException; |
|
14 |
import java.util.Date; |
|
15 |
|
|
16 |
public class JWTGenerator { |
|
17 |
|
|
18 |
private static final Logger logger = Logger.getLogger(JWTGenerator.class); |
|
19 |
|
|
20 |
/*public static String generateToken(MigrationUser u, String secret) { |
|
21 |
Claims claims = Jwts.claims().setSubject(u.getUsername()); |
|
22 |
claims.put("fullname", u.getFullname() + ""); |
|
23 |
claims.put("userId", u.getId() + ""); |
|
24 |
claims.put("email", u.getEmail() + ""); |
|
25 |
claims.put("role", u.getRoleId()); |
|
26 |
|
|
27 |
//expiration |
|
28 |
long nowMillis = System.currentTimeMillis(); |
|
29 |
Date now = new Date(nowMillis); |
|
30 |
long ttlMillis = 1800000; |
|
31 |
long expMillis = nowMillis + ttlMillis; |
|
32 |
Date exp = new Date(expMillis); |
|
33 |
|
|
34 |
return Jwts.builder() |
|
35 |
.setClaims(claims) |
|
36 |
.setExpiration(exp) |
|
37 |
.signWith(SignatureAlgorithm.HS512, secret) |
|
38 |
.compact(); |
|
39 |
}*/ |
|
40 |
|
|
41 |
public static String generateToken(OIDCAuthenticationToken authOIDC, String secret) { |
|
42 |
|
|
43 |
try { |
|
44 |
|
|
45 |
JsonObject userInfo = authOIDC.getUserInfo().getSource(); |
|
46 |
Claims claims = Jwts.claims().setSubject(authOIDC.getUserInfo().getSub()); |
|
47 |
claims.put("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8") + ""); |
|
48 |
|
|
49 |
if (authOIDC.getUserInfo().getGivenName() == null){ |
|
50 |
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name"); |
|
51 |
claims.put("firstname", URLEncoder.encode(" ", "UTF-8") + ""); |
|
52 |
} else { |
|
53 |
claims.put("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + ""); |
|
54 |
} |
|
55 |
if (authOIDC.getUserInfo().getFamilyName() == null){ |
|
56 |
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name"); |
|
57 |
claims.put("lastname", URLEncoder.encode(" ", "UTF-8") + ""); |
|
58 |
} else { |
|
59 |
claims.put("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + ""); |
|
60 |
} |
|
61 |
|
|
62 |
claims.put("email", authOIDC.getUserInfo().getEmail() + ""); |
|
63 |
|
|
64 |
// if (userInfo.getAsJsonArray("eduPersonScopedAffiliation").toString() != null) { |
|
65 |
// claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + ""); |
|
66 |
// } |
|
67 |
|
|
68 |
if (userInfo.getAsJsonArray("edu_person_entitlements") == null){ |
|
69 |
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role"); |
|
70 |
claims.put("role", URLEncoder.encode(" ", "UTF-8") + ""); |
|
71 |
} else { |
|
72 |
claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + ""); |
|
73 |
} |
|
74 |
|
|
75 |
//TODO remove, We don't need it but if we are going to use it, we need to check if the user has affiliation |
|
76 |
//claims.put("edu_person_scoped_affiliations", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString(), "UTF-8") + ""); |
|
77 |
|
|
78 |
//TODO remove |
|
79 |
//TODO THIS IS TEST |
|
80 |
// claims.put("fullname", URLEncoder.encode("Σοφία Μπαλτζή", "UTF-8") + ""); |
|
81 |
// claims.put("firstname", URLEncoder.encode("Σοφία", "UTF-8") + ""); |
|
82 |
// claims.put("lastname", URLEncoder.encode("Μπαλτζή", "UTF-8") + ""); |
|
83 |
// claims.put("email", "sofie.mpl@gmail.com" + ""); |
|
84 |
// claims.put("edu_person_scoped_affiliations", "faculty"); |
|
85 |
|
|
86 |
Date exp = new Date(authOIDC.getIdToken().getJWTClaimsSet().getExpirationTime().getTime()); |
|
87 |
// logger.info("expirationTime: "+ exp); |
|
88 |
|
|
89 |
//TODO DELETE LOGS |
|
90 |
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n"); |
|
91 |
// logger.info("fullName: " + authOIDC.getUserInfo().getName()); |
|
92 |
// logger.info("firstName: " + authOIDC.getUserInfo().getGivenName()); |
|
93 |
// logger.info("lastName: " + authOIDC.getUserInfo().getFamilyName()); |
|
94 |
// logger.info("email: " + authOIDC.getUserInfo().getEmail()); |
|
95 |
// //logger.info("Check everything"); |
|
96 |
// logger.info("locale: " + authOIDC.getUserInfo().getSource()); |
|
97 |
// logger.info("role: " + userInfo.getAsJsonArray("edu_person_entitlements").toString()); |
|
98 |
// //logger.info("affiliation: " + userInfo.getAsJsonArray("edu_person_scoped_affiliations").toString()); |
|
99 |
// logger.info("expirationTime: " + exp); |
|
100 |
// logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n"); |
|
101 |
|
|
102 |
return Jwts.builder() |
|
103 |
.setClaims(claims) |
|
104 |
.setExpiration(exp) |
|
105 |
.signWith(SignatureAlgorithm.HS512, secret) |
|
106 |
.compact(); |
|
107 |
|
|
108 |
} catch (ParseException e) { |
|
109 |
e.printStackTrace(); |
|
110 |
logger.error("JWT Parse Exception from getting Expiration Time ", e); |
|
111 |
return "error"; |
|
112 |
} catch (UnsupportedEncodingException e) { |
|
113 |
e.printStackTrace(); |
|
114 |
logger.error("UnsupportedEncodingException UTF-8 ", e); |
|
115 |
return "error"; |
|
116 |
} |
|
117 |
} |
|
118 |
|
|
119 |
|
|
120 |
public static JsonObject generateJsonToken(OIDCAuthenticationToken authOIDC) { |
|
121 |
try { |
|
122 |
|
|
123 |
JsonObject userInfo = authOIDC.getUserInfo().getSource(); |
|
124 |
JsonObject userInfo2 = new JsonObject(); |
|
125 |
|
|
126 |
if (authOIDC.getUserInfo().getSub() == null) { |
|
127 |
logger.info("User doesn't have sub"); |
|
128 |
userInfo2.addProperty("sub", ""); |
|
129 |
} else { |
|
130 |
userInfo2.addProperty("sub", URLEncoder.encode(authOIDC.getUserInfo().getSub(), "UTF-8")); |
|
131 |
} |
|
132 |
if (authOIDC.getUserInfo().getName() == null) { |
|
133 |
logger.info("User doesn't have fullname"); |
|
134 |
userInfo2.addProperty("fullname", ""); |
|
135 |
} else { |
|
136 |
userInfo2.addProperty("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8")); |
|
137 |
} |
|
138 |
if (authOIDC.getUserInfo().getGivenName() == null){ |
|
139 |
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name"); |
|
140 |
// userInfo2.addProperty("firstname", URLEncoder.encode(" ", "UTF-8") + ""); |
|
141 |
userInfo2.addProperty("firstname", ""); |
|
142 |
} else { |
|
143 |
userInfo2.addProperty("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + ""); |
|
144 |
} |
|
145 |
if (authOIDC.getUserInfo().getFamilyName() == null){ |
|
146 |
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have first name"); |
|
147 |
// userInfo2.addProperty("lastname", URLEncoder.encode(" ", "UTF-8") + ""); |
|
148 |
userInfo2.addProperty("lastname", ""); |
|
149 |
} else { |
|
150 |
userInfo2.addProperty("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + ""); |
|
151 |
} |
|
152 |
userInfo2.addProperty("email", authOIDC.getUserInfo().getEmail() + ""); |
|
153 |
|
|
154 |
if (userInfo.getAsJsonArray("edu_person_entitlements") == null){ |
|
155 |
logger.info("User: " + authOIDC.getUserInfo().getName() + "doesn't have role"); |
|
156 |
// userInfo2.addProperty("role", URLEncoder.encode(" ", "UTF-8") + ""); |
|
157 |
userInfo2.addProperty("role", ""); |
|
158 |
} else { |
|
159 |
userInfo2.addProperty("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + ""); |
|
160 |
} |
|
161 |
|
|
162 |
logger.info("UserINFO: " + userInfo2.toString()); |
|
163 |
return userInfo2; |
|
164 |
|
|
165 |
} catch (UnsupportedEncodingException e) { |
|
166 |
e.printStackTrace(); |
|
167 |
logger.error("UnsupportedEncodingException UTF-8 ", e); |
|
168 |
JsonObject error = new JsonObject(); |
|
169 |
error.addProperty("error", "UnsupportedEncodingException UTF-8 " + e); |
|
170 |
return error; |
|
171 |
} |
|
172 |
|
|
173 |
} |
|
174 |
|
|
175 |
//TODO DELETE IF IT IS NOT NECESSARY |
|
176 |
public static String generateAccessToken(OIDCAuthenticationToken authOIDC, String secret) { |
|
177 |
Claims claims = Jwts.claims().setId(authOIDC.getAccessTokenValue()); |
|
178 |
|
|
179 |
//TODO DELETE LOGS |
|
180 |
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n"); |
|
181 |
logger.info("access token: " + authOIDC.getAccessTokenValue()); |
|
182 |
logger.info("\n////////////////////////////////////////////////////////////////////////////////////////////////\n"); |
|
183 |
|
|
184 |
return Jwts.builder() |
|
185 |
.setClaims(claims) |
|
186 |
.signWith(SignatureAlgorithm.HS512, secret) |
|
187 |
.compact(); |
|
188 |
} |
|
189 |
|
|
190 |
|
|
191 |
public static String generateToken(UserInfo user, String secret) { |
|
192 |
try { |
|
193 |
|
|
194 |
JsonObject userInfo = user.getSource(); |
|
195 |
|
|
196 |
Claims claims = Jwts.claims().setSubject(user.getSub()); |
|
197 |
claims.put("email", user.getEmail() + ""); |
|
198 |
claims.put("role", URLEncoder.encode(userInfo.getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + ""); |
|
199 |
|
|
200 |
return Jwts.builder() |
|
201 |
.setClaims(claims) |
|
202 |
.signWith(SignatureAlgorithm.HS512, secret) |
|
203 |
.compact(); |
|
204 |
} catch (UnsupportedEncodingException e) { |
|
205 |
e.printStackTrace(); |
|
206 |
logger.error("UnsupportedEncodingException UTF-8 ", e); |
|
207 |
return "error"; |
|
208 |
} |
|
209 |
} |
|
210 |
|
|
211 |
} |
|
212 |
|
|
213 |
|
|
214 |
|
|
215 |
|
|
216 |
// How to add it manually |
|
217 |
// long nowMillis = System.currentTimeMillis(); |
|
218 |
// //This is my token |
|
219 |
// try { |
|
220 |
// String jwt = Jwts.builder() |
|
221 |
// .setSubject("Argiro") |
|
222 |
// .setExpiration(new Date(nowMillis+1800000)) |
|
223 |
// .claim("fullname", "Argiro Kokogianaki") |
|
224 |
// .claim("id", "8") |
|
225 |
// .claim("email", "argiro@gmail.com") |
|
226 |
// .claim("role","2") |
|
227 |
// .signWith( |
|
228 |
// SignatureAlgorithm.HS512, |
|
229 |
// "my-very-secret".getBytes("UTF-8") |
|
230 |
// ) |
|
231 |
// .compact(); |
modules/uoa-login-core/tags/uoa-login-core-1.0.1/src/main/java/eu/dnetlib/openaire/user/login/handler/FrontEndLinkURIAuthenticationSuccessHandler.java | ||
---|---|---|
1 |
package eu.dnetlib.openaire.user.login.handler; |
|
2 |
|
|
3 |
import com.google.gson.Gson; |
|
4 |
import com.google.gson.JsonParser; |
|
5 |
import eu.dnetlib.openaire.user.login.utils.JWTGenerator; |
|
6 |
import org.apache.log4j.Logger; |
|
7 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
|
8 |
import org.springframework.security.core.Authentication; |
|
9 |
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; |
|
10 |
import org.springframework.session.FindByIndexNameSessionRepository; |
|
11 |
|
|
12 |
import javax.servlet.http.Cookie; |
|
13 |
import javax.servlet.http.HttpServletRequest; |
|
14 |
import javax.servlet.http.HttpServletResponse; |
|
15 |
import java.io.IOException; |
|
16 |
import java.util.Base64; |
|
17 |
import java.util.Date; |
|
18 |
import java.util.regex.Matcher; |
|
19 |
import java.util.regex.Pattern; |
|
20 |
|
|
21 |
/** |
|
22 |
* Created by stefanos on 9/5/2017. |
|
23 |
*/ |
|
24 |
public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler { |
|
25 |
|
|
26 |
private static final Logger logger = Logger.getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class); |
|
27 |
|
|
28 |
private String frontEndURI; |
|
29 |
private String frontPath; |
|
30 |
private String frontDomain; |
|
31 |
|
|
32 |
@Override |
|
33 |
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IllegalArgumentException, IOException { |
|
34 |
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication; |
|
35 |
request.getSession().setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, authOIDC.getUserInfo().getEmail()); |
|
36 |
try { |
|
37 |
Cookie openAIREUser = new Cookie("openAIREUser", new Gson().toJson(JWTGenerator.generateJsonToken(authOIDC))); |
|
38 |
Cookie accessToken = new Cookie("AccessToken", authOIDC.getAccessTokenValue()); |
|
39 |
String regex = "^([A-Za-z0-9-_=]+)\\.([A-Za-z0-9-_=]+)\\.?([A-Za-z0-9-_.+=]*)$"; |
|
40 |
Matcher matcher = Pattern.compile(regex).matcher(authOIDC.getAccessTokenValue()); |
|
41 |
if (matcher.find()) { |
|
42 |
long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong(); |
|
43 |
accessToken.setMaxAge((int) (exp - (new Date().getTime()/1000))); |
|
44 |
} else { |
|
45 |
accessToken.setMaxAge(3600); |
|
46 |
} |
|
47 |
openAIREUser.setMaxAge(accessToken.getMaxAge()); |
|
48 |
logger.debug("access token: " + authOIDC.getAccessTokenValue()); |
|
49 |
logger.debug("refresh token: " + authOIDC.getRefreshTokenValue()); |
|
50 |
logger.debug("CREDENTIALS > " + authOIDC.getCredentials()); |
|
51 |
logger.debug("Authorities > " + authOIDC.getAuthorities()); |
|
52 |
logger.debug("\n\nPrincipals > " + authOIDC.getPrincipal()); |
|
53 |
logger.debug("\n\nUser Info > " + authOIDC.getUserInfo()); |
|
54 |
logger.debug("\n\nopenAIREUser: " + JWTGenerator.generateJsonToken(authOIDC)); |
|
55 |
logger.debug("\n////////////////////////////////////////////////////////////////////////////////////////////////\n"); |
|
56 |
accessToken.setPath(frontPath); |
|
57 |
openAIREUser.setPath(frontPath); |
|
58 |
if (frontDomain!=null) { |
|
59 |
accessToken.setDomain(frontDomain); |
|
60 |
openAIREUser.setDomain(frontDomain); |
|
61 |
} |
|
62 |
response.addCookie(accessToken); |
|
63 |
response.addCookie(openAIREUser); |
|
64 |
response.sendRedirect(frontEndURI); |
|
65 |
|
|
66 |
} catch (IOException e) { |
|
67 |
logger.error("IOException in redirection ", e); |
|
68 |
throw new IOException(e); |
|
69 |
}catch (IllegalArgumentException e) { |
|
70 |
logger.error("IllegalArgumentException in redirection ", e); |
|
71 |
throw new IllegalArgumentException(e); |
|
72 |
} |
|
73 |
} |
|
74 |
|
|
75 |
public String getFrontEndURI() { |
|
76 |
return frontEndURI; |
|
77 |
} |
|
78 |
|
|
79 |
public void setFrontEndURI(String frontEndURI) { |
|
80 |
this.frontEndURI = frontEndURI; |
|
81 |
} |
|
82 |
|
|
83 |
public String getFrontPath() { |
|
84 |
return frontPath; |
|
85 |
} |
|
86 |
|
|
87 |
public void setFrontPath(String frontPath) { |
|
88 |
this.frontPath = frontPath; |
|
89 |
} |
|
90 |
|
|
91 |
public String getFrontDomain() { |
|
92 |
return frontDomain; |
|
93 |
} |
|
94 |
|
|
95 |
public void setFrontDomain(String frontDomain) { |
|
96 |
this.frontDomain = frontDomain; |
|
97 |
} |
|
98 |
} |
|
99 |
|
|
100 |
|
modules/uoa-login-core/tags/uoa-login-core-1.0.1/src/main/java/eu/dnetlib/openaire/user/login/authorization/OpenAIREAuthoritiesMapper.java | ||
---|---|---|
1 |
package eu.dnetlib.openaire.user.login.authorization; |
|
2 |
|
|
3 |
import com.google.gson.JsonArray; |
|
4 |
import com.nimbusds.jwt.JWT; |
|
5 |
import eu.dnetlib.openaire.user.login.utils.AuthoritiesMapper; |
|
6 |
import org.apache.log4j.Logger; |
|
7 |
import org.mitre.openid.connect.client.OIDCAuthoritiesMapper; |
|
8 |
import org.mitre.openid.connect.model.UserInfo; |
|
9 |
import org.springframework.context.annotation.ComponentScan; |
|
10 |
import org.springframework.security.core.GrantedAuthority; |
|
11 |
import org.springframework.stereotype.Component; |
|
12 |
|
|
13 |
import java.util.Collection; |
|
14 |
|
|
15 |
@ComponentScan |
|
16 |
@Component |
|
17 |
public class OpenAIREAuthoritiesMapper implements OIDCAuthoritiesMapper { |
|
18 |
|
|
19 |
private static final Logger logger = Logger.getLogger(OpenAIREAuthoritiesMapper.class); |
|
20 |
@Override |
|
21 |
public Collection<? extends GrantedAuthority> mapAuthorities(JWT jwtToken, UserInfo userInfo) { |
|
22 |
logger.info("entitlements" + userInfo.getSource().getAsJsonArray("edu_person_entitlements").size()); |
|
23 |
JsonArray entitlements = userInfo.getSource().getAsJsonArray("edu_person_entitlements"); |
|
24 |
return AuthoritiesMapper.map(entitlements); |
|
25 |
} |
|
26 |
} |
modules/uoa-login-core/tags/uoa-login-core-1.0.1/src/main/java/eu/dnetlib/openaire/user/login/registry/beans/Config.java | ||
---|---|---|
1 |
package eu.dnetlib.openaire.user.login.registry.beans; |
|
2 |
|
|
3 |
import org.apache.log4j.Logger; |
|
4 |
import org.springframework.beans.factory.annotation.Value; |
|
5 |
import org.springframework.context.annotation.Bean; |
|
6 |
import org.springframework.context.annotation.Configuration; |
|
7 |
import org.springframework.context.annotation.PropertySource; |
|
8 |
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; |
|
9 |
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession; |
|
10 |
import org.springframework.session.web.http.CookieSerializer; |
|
11 |
import org.springframework.session.web.http.DefaultCookieSerializer; |
|
12 |
|
|
13 |
/** |
|
14 |
* Created by stefanos on 14/6/2017. |
|
15 |
*/ |
|
16 |
@PropertySource(value = {"classpath:eu/dnetlib/openaire/user/login/springContext-userLoginCore.properties"}, ignoreResourceNotFound=false ) |
|
17 |
@Configuration |
|
18 |
@EnableRedisHttpSession |
|
19 |
public class Config { |
|
20 |
|
|
21 |
private static Logger logger = Logger.getLogger(Config.class); |
|
22 |
|
|
23 |
@Value("${redis.host:localhost}") |
|
24 |
private String host; |
|
25 |
|
|
26 |
@Value("${redis.port:6379}") |
|
27 |
private String port; |
|
28 |
|
|
29 |
@Value("${redis.password:#{null}}") |
|
30 |
private String password; |
|
31 |
|
|
32 |
@Value("${webbapp.front.domain:.openaire.eu}") |
|
33 |
private String domain; |
|
34 |
|
|
35 |
@Bean |
|
36 |
public LettuceConnectionFactory connectionFactory() { |
|
37 |
logger.info(String.format("Redis connection listens to %s:%s ",host,port)); |
|
38 |
LettuceConnectionFactory factory = new LettuceConnectionFactory(host,Integer.parseInt(port)); |
|
39 |
if(password != null) factory.setPassword(password); |
|
40 |
return factory; |
|
41 |
} |
|
42 |
|
|
43 |
@Bean |
|
44 |
public CookieSerializer cookieSerializer() { |
|
45 |
logger.info("Cookie Serializer: Domain is "+domain); |
|
46 |
DefaultCookieSerializer serializer = new DefaultCookieSerializer(); |
|
47 |
serializer.setCookieName("openAIRESession"); // <1> |
|
48 |
serializer.setCookiePath("/"); // <2> |
|
49 |
// serializer.setDomainNamePattern(""); //with value "" set's the domain of the service e.g scoobydoo.di.uoa.gr |
|
50 |
serializer.setDomainName(domain); |
|
51 |
return serializer; |
|
52 |
} |
|
53 |
} |
modules/uoa-login-core/tags/uoa-login-core-1.0.1/src/main/resources/eu/dnetlib/openaire/user/login/springContext-userLoginCore.properties | ||
---|---|---|
1 |
oidc.id=767422b9-5461-4807-a80a-f9a2072d3a7d |
|
2 |
#oidc.id=b116ed87-ff96-4302-ba4a-1d2dc3207c97 |
|
3 |
|
|
4 |
oidc.secret=AMQtGlbTXNjwjhF0st28LmM6V0XypMdaVS7tJmGuYFlmH36iIv4t7tVqYuLYrNPkhnZ_GPUJvhymBhFupdgb6aU |
|
5 |
#oidc.secret=MadHwSTcmoPTzxtpbnipfmmCxT09UDiejQf2bIIuUdqPv8i2jZDFT_cI8KHtRGMcYHwYQKbdtO3YCg-6vhF3dw |
|
6 |
|
|
7 |
oidc.issuer = https://openaire-dev.aai-dev.grnet.gr/oidc/ |
|
8 |
oidc.logout = https://openaire-dev.aai-dev.grnet.gr/proxy/saml2/idp/SingleLogoutService.php?ReturnTo= |
|
9 |
#oidc.issuer = https://aai.openaire.eu/oidc/ |
|
10 |
#oidc.logout = https://aai.openaire.eu/proxy/saml2/idp/SingleLogoutService.php?ReturnTo= |
|
11 |
|
|
12 |
#oidc.home = http://rudie.di.uoa.gr:8080/dnet-login/openid_connect_login |
|
13 |
|
|
14 |
redis.host = 127.0.0.1 |
|
15 |
#redis.port = 6379 |
|
16 |
#redis.password |
|
17 |
|
|
18 |
webbapp.front = http://mpagasas.di.uoa.gr:4200/reload |
|
19 |
webbapp.front.path = / |
|
20 |
webbapp.front.domain = .di.uoa.gr |
|
21 |
|
|
22 |
#webbapp.front = https://admin.explore.openaire.eu/ |
|
23 |
#webbapp.front = https://connect.openaire.eu/ |
|
24 |
#webbapp.front.path = / |
|
25 |
#webbapp.front.domain = .openaire.eu |
|
26 |
|
|
27 |
#oidc.home = https://services.openaire.eu/connect-user-management/openid_connect_login |
|
28 |
|
|
29 |
scopes=openid,profile,email,eduperson_entitlement |
|
30 |
#scopes=openid,profile,email,eduperson_entitlement,offline_access |
modules/uoa-login-core/tags/uoa-login-core-1.0.1/src/main/resources/eu/dnetlib/openaire/user/login/springContext-userLoginCore.xml | ||
---|---|---|
1 |
<?xml version="1.0" encoding="UTF-8"?> |
|
2 |
|
|
3 |
<beans xmlns="http://www.springframework.org/schema/beans" |
|
4 |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
|
5 |
xmlns:context="http://www.springframework.org/schema/context" |
|
6 |
xmlns:security="http://www.springframework.org/schema/security" |
|
7 |
xmlns:util="http://www.springframework.org/schema/util" |
|
8 |
xsi:schemaLocation=" |
|
9 |
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd |
|
10 |
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd |
|
11 |
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd |
|
12 |
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd" |
|
13 |
default-autowire="byType"> |
|
14 |
|
|
15 |
|
|
16 |
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager"/> |
|
17 |
|
|
18 |
<!-- |
|
19 |
- |
|
20 |
- The authentication filter |
|
21 |
- |
|
22 |
--> |
|
23 |
<bean id="openIdConnectAuthenticationFilter" class="org.mitre.openid.connect.client.OIDCAuthenticationFilter"> |
|
24 |
<property name="authenticationManager" ref="authenticationManager" /> |
|
25 |
<property name="issuerService" ref="staticIssuerService" /> |
|
26 |
<property name="serverConfigurationService" ref="staticServerConfigurationService" /> |
|
27 |
<property name="clientConfigurationService" ref="staticClientConfigurationService" /> |
|
28 |
<property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" /> |
|
29 |
<property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" /> |
|
30 |
<property name="authenticationSuccessHandler" ref="frontEndRedirect"/> |
|
31 |
|
|
32 |
</bean> |
|
33 |
|
|
34 |
<!-- The login handler --> |
|
35 |
<bean class="eu.dnetlib.openaire.user.login.handler.FrontEndLinkURIAuthenticationSuccessHandler" id="frontEndRedirect"> |
|
36 |
<property name="frontEndURI" value="${webbapp.front}"/> |
|
37 |
<property name="frontPath" value="${webbapp.front.path}"/> |
|
38 |
<property name="frontDomain" value="${webbapp.front.domain:#{null}}"/> |
|
39 |
</bean> |
|
40 |
|
|
41 |
|
|
42 |
<security:http auto-config="false" use-expressions="true" |
|
43 |
disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint" |
|
44 |
pattern="/**"> |
|
45 |
<security:custom-filter before="PRE_AUTH_FILTER" ref="openIdConnectAuthenticationFilter" /> |
|
46 |
<security:logout logout-url="/openid_logout" invalidate-session="true" delete-cookies="SESSION" |
|
47 |
logout-success-url="${oidc.logout}${webbapp.front}"/> |
|
48 |
<security:intercept-url pattern="/personalToken" access="hasAuthority('REGISTERED_USER')"/> |
|
49 |
<security:intercept-url pattern="/serviceToken" access="hasAuthority('REGISTERED_USER')"/> |
|
50 |
<security:intercept-url pattern="/registerService" access="hasAuthority('REGISTERED_USER')"/> |
|
51 |
<security:intercept-url pattern="/editService" access="hasAuthority('REGISTERED_USER')"/> |
|
52 |
<security:intercept-url pattern="/registeredServices" access="hasAuthority('REGISTERED_USER')"/> |
|
53 |
<security:intercept-url pattern="/editRegisteredService" access="hasAuthority('REGISTERED_USER')"/> |
|
54 |
<security:csrf disabled="true"/> |
|
55 |
</security:http> |
|
56 |
|
|
57 |
<bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/> |
|
58 |
|
|
59 |
<bean id="webexpressionHandler" |
|
60 |
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/> |
|
61 |
|
|
62 |
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" > |
|
63 |
<constructor-arg type="java.lang.String" value="/openid_connect_login"/> |
|
64 |
</bean> |
|
65 |
|
|
66 |
<security:authentication-manager alias="authenticationManager"> |
|
67 |
<security:authentication-provider ref="openIdConnectAuthenticationProvider" /> |
|
68 |
</security:authentication-manager> |
|
69 |
|
|
70 |
<bean id="openIdConnectAuthenticationProvider" class="org.mitre.openid.connect.client.OIDCAuthenticationProvider"> |
|
71 |
<property name="authoritiesMapper"> |
|
72 |
<bean class="eu.dnetlib.openaire.user.login.authorization.OpenAIREAuthoritiesMapper"/> |
|
73 |
</property> |
|
74 |
</bean> |
|
75 |
|
|
76 |
<util:set id="namedAdmins" value-type="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority"> |
|
77 |
<!-- |
|
78 |
This is an example of how to set up a user as an administrator: they'll be given ROLE_ADMIN in addition to ROLE_USER. |
|
79 |
Note that having an administrator role on the IdP doesn't grant administrator access on this client. |
|
80 |
|
|
81 |
These are values from the demo "openid-connect-server-webapp" project of MITREid Connect. |
|
82 |
--> |
|
83 |
<bean class="org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority"> |
|
84 |
<constructor-arg name="subject" value="subject_value" /> |
|
85 |
<constructor-arg name="issuer" value="${oidc.issuer}" /> |
|
86 |
</bean> |
|
87 |
</util:set> |
|
88 |
|
|
89 |
<!--<bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>--> |
|
90 |
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">--> |
|
91 |
<!--<property name="filterProcessesUrl" value="/logout"/>--> |
|
92 |
<!--<constructor-arg index="0" value="/"/>--> |
|
93 |
<!--<constructor-arg index="1">--> |
|
94 |
<!--<list>--> |
|
95 |
<!--<ref bean="securityContextLogoutHandler"/>--> |
|
96 |
<!--<!–ref bean="myLogoutHandler"/–>--> |
|
97 |
<!--</list>--> |
|
98 |
<!--</constructor-arg>--> |
|
99 |
<!--</bean>--> |
|
100 |
|
|
101 |
<!--<bean class="eu.dnetlib.openaire.user.security.FrontEndLinkURILogoutSuccessHandler" id="frontEndRedirectLogout"/>--> |
|
102 |
|
|
103 |
<!--<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">--> |
|
104 |
<!--<property name="filterProcessesUrl" value="/logout"/>--> |
|
105 |
<!--<constructor-arg index="0" value="/"/>--> |
|
106 |
<!--<constructor-arg index="1">--> |
|
107 |
<!--<list>--> |
|
108 |
<!--<ref bean="securityContextLogoutHandler"/>--> |
|
109 |
<!--<!–ref bean="myLogoutHandler"/–>--> |
|
110 |
<!--</list>--> |
|
111 |
<!--</constructor-arg>--> |
|
112 |
<!--</bean>--> |
|
113 |
|
|
114 |
<!-- |
|
115 |
Static issuer service, returns the same issuer for every request. |
|
116 |
--> |
|
117 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService"> |
|
118 |
<property name="issuer" value="${oidc.issuer}" /> |
|
119 |
</bean> |
|
120 |
|
|
121 |
<!-- |
|
122 |
Dynamic server configuration, fetches the server's information using OIDC Discovery. |
|
123 |
--> |
|
124 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService"> |
|
125 |
<property name="servers"> |
|
126 |
<map> |
|
127 |
<entry key="${oidc.issuer}"> |
|
128 |
<bean class="org.mitre.openid.connect.config.ServerConfiguration"> |
|
129 |
<property name="issuer" value="${oidc.issuer}" /> |
|
130 |
<property name="authorizationEndpointUri" value="${oidc.issuer}authorize" /> |
|
131 |
<property name="tokenEndpointUri" value="${oidc.issuer}token" /> |
|
132 |
<property name="userInfoUri" value="${oidc.issuer}userinfo" /> |
|
133 |
<property name="jwksUri" value="${oidc.issuer}jwk" /> |
|
134 |
<property name="revocationEndpointUri" value="${oidc.issuer}revoke" /> |
|
135 |
</bean> |
|
136 |
</entry> |
|
137 |
</map> |
|
138 |
</property> |
|
139 |
</bean> |
|
140 |
|
|
141 |
|
|
142 |
<!-- |
|
143 |
Static Client Configuration. Configures a client statically by storing configuration on a per-issuer basis. |
|
144 |
|
|
145 |
--> |
|
146 |
|
|
147 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService"> |
|
148 |
<property name="clients"> |
|
149 |
<map> |
|
150 |
<entry key="${oidc.issuer}"> |
|
151 |
<bean class="org.mitre.oauth2.model.RegisteredClient"> |
|
152 |
<property name="clientId" value="${oidc.id}" /> |
|
153 |
<property name="clientSecret" value="${oidc.secret}" /> |
|
154 |
<property name="scope" value="#{scopeReader.scopes}"/> <!-- now read from properties file via scopeReader --> |
|
155 |
<property name="tokenEndpointAuthMethod" value="SECRET_BASIC" /> |
|
156 |
<property name="redirectUris"> |
|
157 |
<set> |
|
158 |
<value>${oidc.home}</value> |
|
159 |
</set> |
|
160 |
</property> |
|
161 |
</bean> |
|
162 |
</entry> |
|
163 |
</map> |
|
164 |
</property> |
|
165 |
</bean> |
|
166 |
|
|
167 |
<bean class="eu.dnetlib.openaire.user.login.utils.ScopeReader" id="scopeReader"> |
|
168 |
<constructor-arg value="${scopes}"/> |
|
169 |
</bean> |
|
170 |
|
|
171 |
<!-- |
|
172 |
- |
|
173 |
- Auth request options service: returns the optional components of the request |
|
174 |
- |
|
175 |
--> |
|
176 |
<bean class="org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService" id="staticAuthRequestOptionsService"> |
|
177 |
<property name="options"> |
|
178 |
<map> |
|
179 |
<!-- Entries in this map are sent as key-value parameters to the auth request --> |
|
180 |
<!-- |
|
181 |
<entry key="display" value="page" /> |
|
182 |
<entry key="max_age" value="30" /> |
|
183 |
<entry key="prompt" value="none" /> |
|
184 |
--> |
|
185 |
</map> |
|
186 |
</property> |
|
187 |
</bean> |
|
188 |
|
|
189 |
<!-- |
|
190 |
Plain authorization request builder, puts all options as query parameters on the GET request |
|
191 |
--> |
|
192 |
<bean class="org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder" id="plainAuthRequestUrlBuilder" /> |
|
193 |
|
|
194 |
<context:component-scan base-package="eu.dnetlib.openaire.user.login.registry.beans" /> |
|
195 |
<context:annotation-config></context:annotation-config> |
|
196 |
|
|
197 |
</beans> |
modules/uoa-login-core/tags/uoa-login-core-1.0.1/src/test/java/eu/dnetlib/AppTest.java | ||
---|---|---|
1 |
package eu.dnetlib; |
|
2 |
|
|
3 |
import junit.framework.Test; |
|
4 |
import junit.framework.TestCase; |
|
5 |
import junit.framework.TestSuite; |
|
6 |
|
|
7 |
/** |
|
8 |
* Unit test for simple App. |
|
9 |
*/ |
|
10 |
public class AppTest |
|
11 |
extends TestCase |
|
12 |
{ |
|
13 |
/** |
|
14 |
* Create the test case |
|
15 |
* |
|
16 |
* @param testName name of the test case |
|
17 |
*/ |
|
18 |
public AppTest( String testName ) |
|
19 |
{ |
|
20 |
super( testName ); |
|
21 |
} |
|
22 |
|
|
23 |
/** |
|
24 |
* @return the suite of tests being tested |
|
25 |
*/ |
|
26 |
public static Test suite() |
|
27 |
{ |
|
28 |
return new TestSuite( AppTest.class ); |
|
29 |
} |
|
30 |
|
|
31 |
/** |
|
32 |
* Rigourous Test :-) |
|
33 |
*/ |
|
34 |
public void testApp() |
|
35 |
{ |
|
36 |
assertTrue( true ); |
|
37 |
} |
|
38 |
} |
modules/uoa-login-core/tags/uoa-login-core-1.0.1/deploy.info | ||
---|---|---|
1 |
{ |
|
2 |
"type_source": "SVN", |
|
3 |
"goal": "package -U source:jar", |
|
4 |
"url": "http://svn-public.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-login-core/trunk", |
|
5 |
"deploy_repository": "dnet45-snapshots", |
|
6 |
"version": "4", |
|
7 |
"mail": "kiatrop@di.uoa.gr, argirok@di.uoa.gr, k.triantafyllou@di.uoa.gr", |
|
8 |
"deploy_repository_url": "https://maven.d4science.org/nexus/content/repositories/dnet45-snapshots", |
|
9 |
"name": "uoa-login-core" |
|
10 |
} |
|
11 |
|
|
12 |
|
Also available in: Unified diff
[maven-release-plugin] copy for tag uoa-login-core-1.0.1