Revision 61441
Added by Antonis Lempesis almost 3 years ago
| FrontEndLinkURIAuthenticationSuccessHandler.java | ||
|---|---|---|
| 1 | 1 |
package eu.dnetlib.repo.manager.config; |
| 2 | 2 |
|
| 3 |
import com.google.gson.Gson; |
|
| 4 |
import com.google.gson.JsonObject; |
|
| 3 |
import com.google.gson.JsonParser; |
|
| 5 | 4 |
import org.apache.log4j.Logger; |
| 6 | 5 |
import org.mitre.openid.connect.model.OIDCAuthenticationToken; |
| 7 | 6 |
import org.springframework.beans.factory.annotation.Value; |
| 8 | 7 |
import org.springframework.security.core.Authentication; |
| 9 | 8 |
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; |
| 9 |
import org.springframework.session.FindByIndexNameSessionRepository; |
|
| 10 | 10 |
|
| 11 | 11 |
import javax.servlet.ServletException; |
| 12 | 12 |
import javax.servlet.http.Cookie; |
| 13 | 13 |
import javax.servlet.http.HttpServletRequest; |
| 14 | 14 |
import javax.servlet.http.HttpServletResponse; |
| 15 | 15 |
import java.io.IOException; |
| 16 |
import java.net.URLEncoder; |
|
| 16 |
import java.util.Base64; |
|
| 17 |
import java.util.Date; |
|
| 18 |
import java.util.regex.Matcher; |
|
| 19 |
import java.util.regex.Pattern; |
|
| 17 | 20 |
|
| 18 | 21 |
public class FrontEndLinkURIAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
|
| 19 | 22 |
|
| ... | ... | |
| 22 | 25 |
private static final Logger LOGGER = Logger |
| 23 | 26 |
.getLogger(FrontEndLinkURIAuthenticationSuccessHandler.class); |
| 24 | 27 |
|
| 25 |
public void init(){
|
|
| 28 |
public void init() {
|
|
| 26 | 29 |
LOGGER.debug("Front end uri : " + frontEndURI);
|
| 27 | 30 |
} |
| 28 | 31 |
|
| ... | ... | |
| 32 | 35 |
|
| 33 | 36 |
@Override |
| 34 | 37 |
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
|
| 35 |
|
|
| 36 | 38 |
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication; |
| 37 |
JsonObject userInfo = new JsonObject();
|
|
| 39 |
request.getSession().setAttribute(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, authOIDC.getUserInfo().getEmail());
|
|
| 38 | 40 |
|
| 39 |
if (authOIDC.getUserInfo().getSub() == null) |
|
| 40 |
userInfo.addProperty("sub", "");
|
|
| 41 |
else |
|
| 42 |
userInfo.addProperty("sub", URLEncoder.encode(authOIDC.getUserInfo().getSub(), "UTF-8"));
|
|
| 43 |
|
|
| 44 |
|
|
| 45 |
if(authOIDC.getUserInfo().getName() != null) |
|
| 46 |
userInfo.addProperty("fullname", URLEncoder.encode(authOIDC.getUserInfo().getName(), "UTF-8"));
|
|
| 47 |
|
|
| 48 |
if (authOIDC.getUserInfo().getGivenName() == null) |
|
| 49 |
userInfo.addProperty("firstname", "");
|
|
| 50 |
else |
|
| 51 |
userInfo.addProperty("firstname", URLEncoder.encode(authOIDC.getUserInfo().getGivenName(), "UTF-8") + "");
|
|
| 52 |
|
|
| 53 |
if (authOIDC.getUserInfo().getFamilyName() == null) |
|
| 54 |
userInfo.addProperty("lastname", "");
|
|
| 55 |
else |
|
| 56 |
userInfo.addProperty("lastname", URLEncoder.encode(authOIDC.getUserInfo().getFamilyName(), "UTF-8") + "");
|
|
| 57 |
|
|
| 58 |
userInfo.addProperty("email", authOIDC.getUserInfo().getEmail() + "");
|
|
| 59 |
if (authOIDC.getUserInfo().getSource().getAsJsonArray("edu_person_entitlements") == null)
|
|
| 60 |
userInfo.addProperty("role", "");
|
|
| 61 |
else |
|
| 62 |
userInfo.addProperty("role", URLEncoder.encode(authOIDC.getUserInfo()
|
|
| 63 |
.getSource().getAsJsonArray("edu_person_entitlements").toString(), "UTF-8") + "");
|
|
| 64 |
|
|
| 65 |
|
|
| 66 |
Cookie openAIREUser = new Cookie("openAIREUser", new Gson().toJson(userInfo) );
|
|
| 67 |
openAIREUser.setMaxAge(14400); |
|
| 68 |
openAIREUser.setPath("/");
|
|
| 69 |
if(aai_mode.equalsIgnoreCase("production") || aai_mode.equalsIgnoreCase("beta"))
|
|
| 70 |
openAIREUser .setDomain(".openaire.eu");
|
|
| 71 |
// openAIREUser.setDomain(".athenarc.gr");
|
|
| 72 |
response.addCookie(openAIREUser); |
|
| 73 |
|
|
| 74 |
|
|
| 75 | 41 |
Cookie accessToken = new Cookie("AccessToken", authOIDC.getAccessTokenValue());
|
| 76 |
accessToken.setMaxAge(14400); |
|
| 77 |
if(aai_mode.equalsIgnoreCase("production") || aai_mode.equalsIgnoreCase("beta"))
|
|
| 42 |
String regex = "^([A-Za-z0-9-_=]+)\\.([A-Za-z0-9-_=]+)\\.?([A-Za-z0-9-_.+=]*)$"; |
|
| 43 |
Matcher matcher = Pattern.compile(regex).matcher(authOIDC.getAccessTokenValue()); |
|
| 44 |
if (matcher.find()) {
|
|
| 45 |
long exp = new JsonParser().parse(new String(Base64.getDecoder().decode(matcher.group(2)))).getAsJsonObject().get("exp").getAsLong();
|
|
| 46 |
accessToken.setMaxAge((int) (exp - (new Date().getTime() / 1000))); |
|
| 47 |
} else {
|
|
| 48 |
accessToken.setMaxAge(3600); |
|
| 49 |
} |
|
| 50 |
if (aai_mode.equalsIgnoreCase("production") || aai_mode.equalsIgnoreCase("beta"))
|
|
| 78 | 51 |
accessToken.setDomain(".openaire.eu");
|
| 79 | 52 |
accessToken.setPath("/");
|
| 80 | 53 |
|
| 81 |
// accessToken.setDomain(".athenarc.gr");
|
|
| 82 | 54 |
response.addCookie(accessToken); |
| 83 | 55 |
response.sendRedirect(frontEndURI); |
| 84 | 56 |
} |
Also available in: Unified diff
merged branch aai_roles_new to trunk