package eu.dnetlib.repo.manager.config;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.client.OIDCAuthenticationFilter;
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
import org.mitre.openid.connect.client.service.impl.*;
import org.mitre.openid.connect.config.ServerConfiguration;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import java.util.*;
/**
 * Web-security wiring for the repository manager.
 *
 * <p>Every request is authenticated through the MITREid OpenID Connect client filter,
 * while {@code /stats/**} is excluded from the security filter chain altogether.
 *
 * <p>Review notes, all visible in this class:
 * <ul>
 *   <li>CSRF protection and the anonymous filter are disabled chain-wide although sessions
 *       are cookie-backed ({@code openAIRESession} is deleted on logout); with CSRF disabled
 *       Spring Security also accepts {@code /openid_logout} over any HTTP method. Confirm the
 *       front end supplies its own CSRF mitigation before adding state-changing endpoints
 *       behind this chain.</li>
 *   <li>The provider endpoint URIs are built by plain concatenation onto
 *       {@code ${oidc.issuer}}, so the configured issuer must end with {@code /}. The same
 *       string keys the server and client registries and is presumably looked up by the
 *       token's issuer at runtime — verify against MITREid before changing it.</li>
 *   <li>{@code ${webapp.dev.front}} is injected twice (logout success URL and post-login
 *       redirect); both fields always hold the same value.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
public class AaiSecurityConfiguration extends WebSecurityConfigurerAdapter {

    /** Browser destination once {@code /openid_logout} has completed. */
    @Value("${webapp.dev.front}")
    private String logoutSuccessUrl;

    /** OIDC issuer; also the key under which the server and client entries are registered. */
    @Value("${oidc.issuer}")
    private String oidcIssuer;

    /** OIDC client identifier. */
    @Value("${oidc.id}")
    private String oidcId;

    /** OIDC client secret, presented with {@link AuthMethod#SECRET_BASIC}. */
    @Value("${oidc.secret}")
    private String oidcSecret;

    /** The single redirect URI registered for this client. */
    @Value("${oidc.dev.home}")
    private String oidcDevHome;

    /** Front-end URI the success handler redirects to after login (same property as the logout URL). */
    @Value("${webapp.dev.front}")
    private String webAppFrontEnd;

    /**
     * Exposes the adapter's authentication manager as a bean so the OIDC filter can use it.
     *
     * @return the shared {@link AuthenticationManager}
     * @throws Exception propagated from {@link #authenticationManager()}
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return authenticationManager();
    }

    /**
     * Registers the OIDC provider as the only authentication provider.
     *
     * @param auth the builder to register with
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(openIdConnectAuthenticationProvider());
    }

    /**
     * Takes the statistics endpoints out of the security filter chain entirely.
     *
     * @param web the web-security builder
     */
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/stats/**");
    }

    /**
     * Builds the HTTP chain: no CSRF token, no anonymous principal, every request
     * authenticated, HTTP Basic whose entry point redirects to the OIDC login, a logout
     * endpoint that drops the session cookie, and the OIDC filter placed ahead of the
     * pre-authentication filters.
     *
     * @param http the HTTP security builder
     * @throws Exception propagated from filter construction
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Each configurer is registered on the shared builder, so separate statements
        // are equivalent to one long chain.
        http.csrf().disable();
        http.anonymous().disable();
        http.authorizeRequests().anyRequest().authenticated();
        http.httpBasic().authenticationEntryPoint(authenticationEntryPoint());
        http.logout()
                .logoutUrl("/openid_logout")
                .invalidateHttpSession(true)
                .deleteCookies("openAIRESession")
                .logoutSuccessUrl(logoutSuccessUrl);
        http.addFilterBefore(openIdConnectAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class);
    }

    /**
     * OIDC authentication provider that maps claims to authorities via {@link #authoritiesMapper()}.
     *
     * @return the configured provider
     */
    @Bean
    public OIDCAuthenticationProvider openIdConnectAuthenticationProvider() {
        OIDCAuthenticationProvider provider = new OIDCAuthenticationProvider();
        provider.setAuthoritiesMapper(authoritiesMapper());
        return provider;
    }

    /**
     * Authorities mapper used by the OIDC provider.
     *
     * @return a fresh mapper instance
     */
    @Bean
    public OpenAIREAuthoritiesMapper authoritiesMapper() {
        return new OpenAIREAuthoritiesMapper();
    }

    /**
     * Static registry holding exactly one server configuration, keyed by the issuer.
     *
     * @return the server configuration service
     */
    @Bean
    public StaticServerConfigurationService staticServerConfigurationService() {
        StaticServerConfigurationService service = new StaticServerConfigurationService();
        Map<String, ServerConfiguration> byIssuer = new HashMap<>();
        byIssuer.put(oidcIssuer, serverConfiguration());
        service.setServers(byIssuer);
        return service;
    }

    /**
     * Static registry holding exactly one registered client, keyed by the issuer.
     *
     * @return the client configuration service
     */
    @Bean
    public StaticClientConfigurationService staticClientConfigurationService() {
        StaticClientConfigurationService service = new StaticClientConfigurationService();
        Map<String, RegisteredClient> byIssuer = new HashMap<>();
        byIssuer.put(oidcIssuer, registeredClient());
        service.setClients(byIssuer);
        return service;
    }

    /**
     * Client registration: id/secret from configuration, a fixed scope set, HTTP Basic
     * at the token endpoint, and a single redirect URI.
     *
     * @return the registered client
     */
    @Bean
    public RegisteredClient registeredClient() {
        Set<String> scopes = new HashSet<>();
        Collections.addAll(scopes, "openid", "eduperson_entitlement", "profile", "email");

        Set<String> redirectUris = new HashSet<>();
        redirectUris.add(oidcDevHome);

        RegisteredClient client = new RegisteredClient();
        client.setClientId(oidcId);
        client.setClientSecret(oidcSecret);
        client.setScope(scopes);
        client.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
        client.setRedirectUris(redirectUris);
        return client;
    }

    /**
     * Default (empty) auth-request options.
     *
     * @return the options service
     */
    @Bean
    public StaticAuthRequestOptionsService staticAuthRequestOptionsService() {
        return new StaticAuthRequestOptionsService();
    }

    /**
     * Plain (unsigned, non-encrypted) authorization-request URL builder.
     *
     * @return the URL builder
     */
    @Bean
    public PlainAuthRequestUrlBuilder plainAuthRequestUrlBuilder() {
        return new PlainAuthRequestUrlBuilder();
    }

    /**
     * Server configuration for the issuer; every endpoint is the issuer string with a
     * relative path appended, so {@code ${oidc.issuer}} must end with {@code /}.
     *
     * @return the server configuration
     */
    @Bean
    public ServerConfiguration serverConfiguration() {
        ServerConfiguration server = new ServerConfiguration();
        server.setIssuer(oidcIssuer);
        server.setAuthorizationEndpointUri(issuerPath("authorize"));
        server.setTokenEndpointUri(issuerPath("token"));
        server.setUserInfoUri(issuerPath("userinfo"));
        server.setJwksUri(issuerPath("jwk"));
        server.setRevocationEndpointUri(issuerPath("revoke"));
        return server;
    }

    /** Appends {@code path} directly to the issuer string (no separator is inserted). */
    private String issuerPath(String path) {
        return oidcIssuer + path;
    }

    /**
     * Entry point that redirects unauthenticated requests to the OIDC login URL.
     *
     * @return the entry point
     */
    @Bean
    public LoginUrlAuthenticationEntryPoint authenticationEntryPoint() {
        return new LoginUrlAuthenticationEntryPoint("/openid_connect_login");
    }

    /**
     * The OIDC client filter, wired to the static services above and to the front-end
     * redirect success handler.
     *
     * @return the configured filter
     * @throws Exception propagated from {@link #authenticationManagerBean()}
     */
    @Bean
    public OIDCAuthenticationFilter openIdConnectAuthenticationFilter() throws Exception {
        OIDCAuthenticationFilter filter = new OIDCAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManagerBean());
        filter.setIssuerService(staticSingleIssuerService());
        filter.setServerConfigurationService(staticServerConfigurationService());
        filter.setClientConfigurationService(staticClientConfigurationService());
        filter.setAuthRequestOptionsService(staticAuthRequestOptionsService());
        filter.setAuthRequestUrlBuilder(plainAuthRequestUrlBuilder());
        filter.setAuthenticationSuccessHandler(frontEndRedirect());
        return filter;
    }

    /**
     * Issuer service pinned to the single configured issuer.
     *
     * @return the issuer service
     */
    @Bean
    public StaticSingleIssuerService staticSingleIssuerService() {
        StaticSingleIssuerService issuerService = new StaticSingleIssuerService();
        issuerService.setIssuer(oidcIssuer);
        return issuerService;
    }

    /**
     * Success handler that sends the browser to the front end after login; its
     * {@code init} method is invoked by the container.
     *
     * @return the success handler
     */
    @Bean(initMethod = "init")
    public FrontEndLinkURIAuthenticationSuccessHandler frontEndRedirect() {
        FrontEndLinkURIAuthenticationSuccessHandler handler = new FrontEndLinkURIAuthenticationSuccessHandler();
        handler.setFrontEndURI(webAppFrontEnd);
        return handler;
    }

}