Revision 61441
Added by Antonis Lempesis over 2 years ago
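--- a/AaiSecurityConfiguration.java
+++ b/AaiSecurityConfiguration.java
@@ -42,11 +42,6 @@
 @Value("${webapp.dev.front}")
 private String webAppFrontEnd;
 
-private Map<String, String> userRoles = new HashMap<String, String>(){{
-put("urn:geant:openaire.eu:group:Super+Administrator#aai.openaire.eu", "ROLE_ADMIN");
-put("urn:geant:openaire.eu:group:Content+Provider+Dashboard+Administrator#aai.openaire.eu","ROLE_PROVIDE_ADMIN");
-}};
-
 @Bean
 @Override
 public AuthenticationManager authenticationManagerBean() throws Exception {
@@ -54,12 +49,12 @@
 }
 
 @Override
-protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+protected void configure(AuthenticationManagerBuilder auth) {
 auth.authenticationProvider(openIdConnectAuthenticationProvider());
 }
 
 @Override
-public void configure(WebSecurity web) throws Exception {
+public void configure(WebSecurity web) {
 web.ignoring().antMatchers("/stats/**");
 }
 
@@ -70,33 +65,33 @@
 .authorizeRequests()
 .anyRequest().authenticated()
 .and()
-.httpBasic()
-.authenticationEntryPoint(authenticationEntryPoint())
+.httpBasic()
+.authenticationEntryPoint(authenticationEntryPoint())
 .and()
-.logout().logoutUrl("/openid_logout")
-.invalidateHttpSession(true)
-.deleteCookies("openAIRESession")
-.logoutSuccessUrl(logoutSuccessUrl)
+.logout().logoutUrl("/openid_logout")
+.invalidateHttpSession(true)
+.deleteCookies("openAIRESession")
+.logoutSuccessUrl(logoutSuccessUrl)
 .and()
-.addFilterBefore(openIdConnectAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class)
+.addFilterBefore(openIdConnectAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class)
 ;
 }
 
 @Bean
-public OIDCAuthenticationProvider openIdConnectAuthenticationProvider(){
+public OIDCAuthenticationProvider openIdConnectAuthenticationProvider() {
 OIDCAuthenticationProvider oidcProvider = new OIDCAuthenticationProvider();
 oidcProvider.setAuthoritiesMapper(authoritiesMapper());
 return oidcProvider;
 }
 
 @Bean
-public OpenAireProviderAuthoritiesMapper authoritiesMapper(){
-OpenAireProviderAuthoritiesMapper authoritiesMapper = new OpenAireProviderAuthoritiesMapper(userRoles);
+public OpenAIREAuthoritiesMapper authoritiesMapper() {
+OpenAIREAuthoritiesMapper authoritiesMapper = new OpenAIREAuthoritiesMapper();
 return authoritiesMapper;
 }
 
 @Bean
-public StaticServerConfigurationService staticServerConfigurationService(){
+public StaticServerConfigurationService staticServerConfigurationService() {
 StaticServerConfigurationService staticServerConfigurationService = new StaticServerConfigurationService();
 Map<String, ServerConfiguration> servers = new HashMap<>();
 servers.put(oidcIssuer, serverConfiguration());
@@ -105,49 +100,49 @@
 }
 
 @Bean
-public StaticClientConfigurationService staticClientConfigurationService(){
+public StaticClientConfigurationService staticClientConfigurationService() {
 StaticClientConfigurationService staticClientConfigurationService = new StaticClientConfigurationService();
 Map<String, RegisteredClient> clients = new HashMap<>();
-clients.put(oidcIssuer,registeredClient());
+clients.put(oidcIssuer, registeredClient());
 staticClientConfigurationService.setClients(clients);
 return staticClientConfigurationService;
 }
 
 @Bean
-public RegisteredClient registeredClient(){
+public RegisteredClient registeredClient() {
 RegisteredClient registeredClient = new RegisteredClient();
 registeredClient.setClientId(oidcId);
 registeredClient.setClientSecret(oidcSecret);
-registeredClient.setScope(new HashSet<>(Arrays.asList("openid","eduperson_entitlement","profile", "email")));
+registeredClient.setScope(new HashSet<>(Arrays.asList("openid", "eduperson_entitlement", "profile", "email")));
 registeredClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
 registeredClient.setRedirectUris(new HashSet<>(Collections.singletonList(oidcDevHome)));
 return registeredClient;
 }
 
 @Bean
-public StaticAuthRequestOptionsService staticAuthRequestOptionsService(){
+public StaticAuthRequestOptionsService staticAuthRequestOptionsService() {
 return new StaticAuthRequestOptionsService();
 }
 
 @Bean
-public PlainAuthRequestUrlBuilder plainAuthRequestUrlBuilder(){
+public PlainAuthRequestUrlBuilder plainAuthRequestUrlBuilder() {
 return new PlainAuthRequestUrlBuilder();
 }
 
 @Bean
-public ServerConfiguration serverConfiguration(){
+public ServerConfiguration serverConfiguration() {
 ServerConfiguration serverConfiguration = new ServerConfiguration();
 serverConfiguration.setIssuer(oidcIssuer);
-serverConfiguration.setAuthorizationEndpointUri(oidcIssuer+"authorize");
-serverConfiguration.setTokenEndpointUri(oidcIssuer+"token");
-serverConfiguration.setUserInfoUri(oidcIssuer+"userinfo");
-serverConfiguration.setJwksUri(oidcIssuer+"jwk");
-serverConfiguration.setRevocationEndpointUri(oidcIssuer+"revoke");
+serverConfiguration.setAuthorizationEndpointUri(oidcIssuer + "authorize");
+serverConfiguration.setTokenEndpointUri(oidcIssuer + "token");
+serverConfiguration.setUserInfoUri(oidcIssuer + "userinfo");
+serverConfiguration.setJwksUri(oidcIssuer + "jwk");
+serverConfiguration.setRevocationEndpointUri(oidcIssuer + "revoke");
 return serverConfiguration;
 }
 
 @Bean
-public LoginUrlAuthenticationEntryPoint authenticationEntryPoint(){
+public LoginUrlAuthenticationEntryPoint authenticationEntryPoint() {
 return new LoginUrlAuthenticationEntryPoint("/openid_connect_login");
 }
 
@@ -166,14 +161,14 @@
 }
 
 @Bean
-public StaticSingleIssuerService staticSingleIssuerService(){
+public StaticSingleIssuerService staticSingleIssuerService() {
 StaticSingleIssuerService staticSingleIssuerService = new StaticSingleIssuerService();
 staticSingleIssuerService.setIssuer(oidcIssuer);
 return staticSingleIssuerService;
 }
 
 @Bean(initMethod = "init")
-public FrontEndLinkURIAuthenticationSuccessHandler frontEndRedirect(){
+public FrontEndLinkURIAuthenticationSuccessHandler frontEndRedirect() {
 FrontEndLinkURIAuthenticationSuccessHandler frontEnd = new FrontEndLinkURIAuthenticationSuccessHandler();
 frontEnd.setFrontEndURI(webAppFrontEnd);
 return frontEnd;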
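Review bot: The new `authoritiesMapper()` bean (new lines 88-89) constructs `OpenAIREAuthoritiesMapper` with no arguments, while the removed `userRoles` map was the only place in this file that said which AAI entitlement grants `ROLE_ADMIN` and `ROLE_PROVIDE_ADMIN`; the mapping presumably now lives inside `OpenAIREAuthoritiesMapper`, but a reader of this security configuration can no longer see or review which external groups become administrators. Since that mapping decides who gets admin authority, the bean deserves a short comment naming where the entitlement-to-role table is defined, e.g. `// Entitlement -> ROLE_* mapping is owned by OpenAIREAuthoritiesMapper; review that class when admin groups change` (adjust to wherever the mapping actually resides). Separately, the restyled `serverConfiguration()` lines still derive every endpoint as `oidcIssuer + "authorize"` etc., so they only form valid URLs when the configured issuer ends with `/`, and the same string is also used verbatim as the issuer identity in `setIssuer(oidcIssuer)` and as the key in `servers.put(...)`; a one-line comment such as `// oidcIssuer must end with "/" - it is used both as the issuer id and as the endpoint base` would make that coupling explicit. The enclosing class declaration is outside this section, as is the end of `frontEndRedirect()`.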
merged branch aai_roles_new to trunk