Revision 61441
Added by Antonis Lempesis almost 3 years ago
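--- a/FrontEndLinkURIAuthenticationSuccessHandler.java
+++ b/FrontEndLinkURIAuthenticationSuccessHandler.java
@@ -1,19 +1,22 @@
 package eu.dnetlib.repo.manager.config;
 
-import com.google.gson.Gson;
-import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
 import org.apache.log4j.Logger;
 import org.mitre.openid.connect.model.OIDCAuthenticationToken;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.session.FindByIndexNameSessionRepository;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.net.URLEncoder;
+import java.util.Base64;
+import java.util.Date;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
 
@@ -22,7 +25,7 @@
 private static final Logger LOGGER = Logger
 .getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class);
 
-public void init(){
+public void init() {
 LOGGER.debug("Front end uri : " + frontEndURI);
 }
 
@@ -32,53 +35,22 @@
 
 @Override
 public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
-
 OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
-JsonObject userInfo = new JsonObject();
+request.getSession().setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, authOIDC.getUserInfo().getEmail());
 
-if (authOIDC.getUserInfo().getSub() == null)
-userInfo.addProperty("sub", "");
-else
-userInfo.addProperty("sub", URLEncoder.encode(authOIDC.getUserInfo().getSub(), "UTF-8"));
-
-
-if(authOIDC.getUserInfo().getName() != null)
-userInfo.addProperty("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8"));
-
-if (authOIDC.getUserInfo().getGivenName() == null)
-userInfo.addProperty("firstname", "");
-else
-userInfo.addProperty("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");
-
-if (authOIDC.getUserInfo().getFamilyName() == null)
-userInfo.addProperty("lastname", "");
-else
-userInfo.addProperty("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");
-
-userInfo.addProperty("email", authOIDC.getUserInfo().getEmail() + "");
-if (authOIDC.getUserInfo().getSource().getAsJsonArray("edu_person_entitlements") == null)
-userInfo.addProperty("role", "");
-else
-userInfo.addProperty("role", URLEncoder.encode(authOIDC.getUserInfo()
-.getSource().getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
-
-
-Cookie openAIREUser = new Cookie("openAIREUser", new Gson().toJson(userInfo) );
-openAIREUser.setMaxAge(14400);
-openAIREUser.setPath("/");
-if(aai_mode.equalsIgnoreCase("production") || aai_mode.equalsIgnoreCase("beta"))
-openAIREUser .setDomain(".openaire.eu");
-// openAIREUser.setDomain(".athenarc.gr");
-response.addCookie(openAIREUser);
-
-
 Cookie accessToken = new Cookie("AccessToken", authOIDC.getAccessTokenValue());
-accessToken.setMaxAge(14400);
-if(aai_mode.equalsIgnoreCase("production") || aai_mode.equalsIgnoreCase("beta"))
+String regex = "^([A-Za-z0-9-_=]+)\\.([A-Za-z0-9-_=]+)\\.?([A-Za-z0-9-_.+=]*)$";
+Matcher matcher = Pattern.compile(regex).matcher(authOIDC.getAccessTokenValue());
+if (matcher.find()) {
+long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();
+accessToken.setMaxAge((int) (exp - (new Date().getTime() / 1000)));
+} else {
+accessToken.setMaxAge(3600);
+}
+if (aai_mode.equalsIgnoreCase("production") || aai_mode.equalsIgnoreCase("beta"))
 accessToken.setDomain(".openaire.eu");
 accessToken.setPath("/");
 
-// accessToken.setDomain(".athenarc.gr");
 response.addCookie(accessToken);
 response.sendRedirect(frontEndURI);
 }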
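Review bot: The new `exp` lookup in `onAuthenticationSuccess` decodes the JWT payload with `Base64.getDecoder()`, but JWT segments are base64url and the regex itself admits `-` and `_`, which the basic decoder rejects with `IllegalArgumentException`; `Base64.getUrlDecoder()` is the matching decoder. The same chain also throws when a token matches the regex but its middle segment is not a JSON object or has no `exp` member. An already-expired or very distant `exp` gives `setMaxAge` a zero, negative or truncated value, so a successful login can end in an error or in a cookie that is dropped at once or kept only for the browser session. A guarded version that falls back to the existing 3600-second default is sketched below; it needs imports for `JsonObject` and `StandardCharsets`. Separately, the `AccessToken` cookie carries a bearer token scoped to `.openaire.eu` in production/beta and is created without `setSecure(true)`; `setHttpOnly(true)` is also worth adding if the front end does not read the cookie from script.

```java
Matcher matcher = Pattern.compile(regex).matcher(authOIDC.getAccessTokenValue());
int maxAge = 3600; // default when the token carries no usable exp claim
if (matcher.find()) {
    try {
        // JWT segments are base64url-encoded, which the basic decoder rejects
        String payload = new String(Base64.getUrlDecoder().decode(matcher.group(2)), StandardCharsets.UTF_8);
        JsonObject claims = new JsonParser().parse(payload).getAsJsonObject();
        if (claims.has("exp")) {
            long remaining = claims.get("exp").getAsLong() - System.currentTimeMillis() / 1000;
            if (remaining > 0 && remaining <= Integer.MAX_VALUE) {
                maxAge = (int) remaining;
            }
        }
    } catch (RuntimeException e) {
        // opaque or malformed token: keep the default lifetime, never log the token itself
        LOGGER.debug("Access token is not a parseable JWT, using default cookie lifetime");
    }
}
accessToken.setMaxAge(maxAge);
// … unchanged: domain, path, addCookie, sendRedirect …
```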
merged branch aai_roles_new to trunk