
Revision 61787

Fix the cast of the authentication to OpenAIREAuthentication when it is not an instance of that class. Check that the cookie exists to avoid extra get-user-info calls.

View differences:

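--- a/modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationService.java
+++ b/modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/security/AuthorizationService.java
@@ -1,6 +1,7 @@
 package eu.dnetlib.uoaauthorizationlibrary.security;
 
 import org.apache.log4j.Logger;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -69,7 +70,7 @@
     }
 
     public List<String> getRoles() {
-        OpenAIREAuthentication authentication = (OpenAIREAuthentication) SecurityContextHolder.getContext().getAuthentication();
+        OpenAIREAuthentication authentication = getAuthentication();
         if (authentication != null && authentication.isAuthenticated()) {
             return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
         }
@@ -77,7 +78,7 @@
     }
 
     public String getAaiId() {
-        OpenAIREAuthentication authentication = (OpenAIREAuthentication) SecurityContextHolder.getContext().getAuthentication();
+        OpenAIREAuthentication authentication = getAuthentication();
         if (authentication != null && authentication.isAuthenticated()) {
             return authentication.getUser().getSub();
         }
@@ -85,10 +86,19 @@
     }
 
     public String getEmail() {
-        OpenAIREAuthentication authentication = (OpenAIREAuthentication) SecurityContextHolder.getContext().getAuthentication();
+        OpenAIREAuthentication authentication = getAuthentication();
         if (authentication != null && authentication.isAuthenticated()) {
             return authentication.getUser().getEmail();
         }
         return null;
     }
+
+    private OpenAIREAuthentication getAuthentication() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if(authentication instanceof OpenAIREAuthentication) {
+            return (OpenAIREAuthentication) authentication;
+        } else {
+            return null;
+        }
+    }
 }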
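Review bot: The new private `getAuthentication()` carries no comment stating its contract, although `getRoles`, `getAaiId` and `getEmail` now all depend on it returning null both when the security context holds no authentication and when it holds one of another type. A one-line Javadoc such as `/** Returns the current authentication if it is an OpenAIREAuthentication, otherwise null. */` would make that explicit for the next caller. `getAaiId` and `getEmail` still dereference `authentication.getUser()` without a null check; whether `getUser()` can be null for an authenticated `OpenAIREAuthentication` is not visible on this page, so that is worth confirming. The fall-through returns of `getRoles` and `getAaiId` are elided from the section.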
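--- a/modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/utils/AuthorizationUtils.java
+++ b/modules/uoa-authorization-library/trunk/src/main/java/eu/dnetlib/uoaauthorizationlibrary/utils/AuthorizationUtils.java
@@ -10,12 +10,15 @@
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
+import java.util.Arrays;
 import java.util.Collections;
 
 @Component
 public class AuthorizationUtils {
     private final Logger log = Logger.getLogger(this.getClass());
     private final SecurityConfig securityConfig;
+    private final static String TOKEN = "AccessToken";
+    private final static String SESSION = "OpenAIRESession";
 
     @Autowired
     AuthorizationUtils(SecurityConfig securityConfig) {
@@ -27,10 +30,9 @@
             return null;
         }
         for (Cookie c : request.getCookies()) {
-            if (c.getName().equals("AccessToken")) {
+            if (c.getName().equals(TOKEN)) {
                 return c.getValue();
             }
-
         }
         return null;
     }
@@ -39,14 +41,26 @@
         String url = securityConfig.getUserInfoUrl() + (securityConfig.isDeprecated()?getToken(request):"");
         RestTemplate restTemplate = new RestTemplate();
         try {
-            ResponseEntity<UserInfo> response = restTemplate.exchange(url, HttpMethod.GET, createHeaders(request), UserInfo.class);
-            return  response.getBody();
+            if(hasCookie(request)) {
+                ResponseEntity<UserInfo> response = restTemplate.exchange(url, HttpMethod.GET, createHeaders(request), UserInfo.class);
+                return  response.getBody();
+            }
+            return null;
         } catch (RestClientException e) {
-            log.error(e.getMessage());
+            log.error(url + ":" + e.getMessage());
             return null;
         }
     }
 
+    private boolean hasCookie(HttpServletRequest request) {
+        Cookie[] cookies = request.getCookies();
+        if(securityConfig.isDeprecated()) {
+            return Arrays.stream(cookies).anyMatch(cookie -> cookie.getName().equalsIgnoreCase(TOKEN));
+        } else {
+            return Arrays.stream(cookies).anyMatch(cookie -> cookie.getName().equalsIgnoreCase(SESSION));
+        }
+    }
+
     private HttpEntity<HttpHeaders> createHeaders(HttpServletRequest request) {
         HttpHeaders headers = new HttpHeaders();
         headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));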
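Review bot: `hasCookie` passes `request.getCookies()` straight to `Arrays.stream`, and the servlet API returns null from `getCookies()` when the request carries no cookies, so a cookieless request throws a NullPointerException that the caller's `catch (RestClientException e)` does not cover. A `cookies == null` guard returning false fixes that. Matching with `equals` rather than `equalsIgnoreCase` would also keep it consistent with the `equals(TOKEN)` check in the cookie loop of the previous hunk, which otherwise can fail to find a cookie that `hasCookie` reported. Separately, the new `log.error(url + ":" + e.getMessage())` writes `url` to the log, and when `securityConfig.isDeprecated()` is true that string has the access token appended, so the token ends up in the error log; logging `securityConfig.getUserInfoUrl()` instead avoids that. The method containing the try/catch starts outside the hunk.

```java
        } catch (RestClientException e) {
            log.error(securityConfig.getUserInfoUrl() + ":" + e.getMessage());
// … unchanged: return null and end of the enclosing method …

    private boolean hasCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return false;
        }
        String expected = securityConfig.isDeprecated() ? TOKEN : SESSION;
        return Arrays.stream(cookies).anyMatch(cookie -> cookie.getName().equals(expected));
    }
```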
