D-Net

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

	<modelVersion>4.0.0</modelVersion>

	<parent>

		<groupId>eu.dnetlib</groupId>

		<artifactId>dnet45-parent</artifactId>

		<version>1.0.0</version>

	</parent>

	<artifactId>uoa-authorization-library</artifactId>

	<version>2.0.3</version>

	<packaging>jar</packaging>

	<scm>

		<developerConnection>scm:svn:https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-authorization-library/tags/uoa-authorization-library-2.0.3</developerConnection>

	</scm>

	<name>uoa-authorization-library</name>

	<properties>

		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

		<java.version>1.8</java.version>

        <timestampAuthorizationLibrary>${maven.build.timestamp}</timestampAuthorizationLibrary>

        <maven.build.timestamp.format>E MMM dd HH:mm:ss z yyyy</maven.build.timestamp.format>

	</properties>

	<dependencyManagement>

		<dependencies>

			<dependency>

				<groupId>org.springframework.boot</groupId>

				<artifactId>spring-boot-dependencies</artifactId>

				<version>1.5.8.RELEASE</version>

				<type>pom</type>

				<scope>import</scope>

			</dependency>

		</dependencies>

	</dependencyManagement>

	<dependencies>

		<dependency>

			<groupId>org.springframework.boot</groupId>

			<artifactId>spring-boot-starter-web</artifactId>

			<exclusions>

				<exclusion>

					<groupId> org.springframework.boot</groupId>

					<artifactId>spring-boot-starter-logging</artifactId>

				</exclusion>

			</exclusions>

		</dependency>

		<!-- Starter for using Spring Security -->

		<dependency>

			<groupId>org.springframework.boot</groupId>

			<artifactId>spring-boot-starter-security</artifactId>

		</dependency>

		<dependency>

			<groupId>com.google.code.gson</groupId>

			<artifactId>gson</artifactId>

			<version>2.8.2</version>

		</dependency>

		<dependency>

			<groupId>log4j</groupId>

			<artifactId>log4j</artifactId>

			<version>1.2.17</version>

		</dependency>

    </dependencies>

	<build>

		<plugins>

		</plugins>

        <finalName>uoa-authorization-library</finalName>

        <resources>

            <resource>

                <directory>src/main/resources</directory>

                <filtering>true</filtering>

            </resource>

        </resources>

	</build>

</project>

package eu.dnetlib.uoaauthorizationlibrary.configuration;

import org.springframework.boot.context.properties.ConfigurationProperties;

import java.util.Date;

@ConfigurationProperties("authorization.globalVars")

public class GlobalVars {

    public static Date date = new Date();

    private Date buildDate;

    private String version;

    public String getBuildDate() {

        if(buildDate == null) {

            return null;

        }

        return buildDate.toString();

    }

    public void setBuildDate(Date buildDate) {

        this.buildDate = buildDate;

    }

    public String getVersion() {

        return this.version;

    }

    public void setVersion(String version) {

        this.version = version;

    }

}

package eu.dnetlib.uoaauthorizationlibrary.configuration;

import org.springframework.boot.context.properties.ConfigurationProperties;

@ConfigurationProperties("authorization.security")

public class SecurityConfig {

    private String userInfoUrl;

    public String getUserInfoUrl() {

        return userInfoUrl;

    }

    public void setUserInfoUrl(String userInfoUrl) {

        this.userInfoUrl = userInfoUrl;

    }

    /** @deprecated */

    public boolean isDeprecated() {

        return userInfoUrl.contains("accessToken");

    }

}

package eu.dnetlib.uoaauthorizationlibrary.configuration;

import org.springframework.boot.context.properties.EnableConfigurationProperties;

import org.springframework.context.annotation.*;

@Configuration

@EnableConfigurationProperties({SecurityConfig.class, GlobalVars.class})

@ComponentScan(basePackages = { "eu.dnetlib.uoaauthorizationlibrary" })

public class AuthorizationConfiguration { }

package eu.dnetlib.uoaauthorizationlibrary.controllers;

import eu.dnetlib.uoaauthorizationlibrary.configuration.GlobalVars;

import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;

import org.apache.log4j.Logger;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.access.prepost.PreAuthorize;

import org.springframework.web.bind.annotation.CrossOrigin;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestMethod;

import org.springframework.web.bind.annotation.RestController;

import java.util.HashMap;

import java.util.Map;

@RestController

@CrossOrigin(origins = "*")

@RequestMapping("/authorization-library")

public class AuthorizationLibraryCheckDeployController {

    private final Logger log = Logger.getLogger(this.getClass());

    @Autowired

    private SecurityConfig securityConfig;

    @Autowired

    private GlobalVars globalVars;

    @RequestMapping(value = {"", "/health_check"}, method = RequestMethod.GET)

    public String hello() {

        log.debug("Hello from uoa-authorization-service!");

        return "Hello from uoa-authorization-service!";

    }

    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")

    @RequestMapping(value = "/health_check/advanced", method = RequestMethod.GET)

    public Map<String, String> checkEverything() {

        Map<String, String> response = new HashMap<>();

        response.put("authorization.security.userInfoUrl", securityConfig.getUserInfoUrl());

        if(GlobalVars.date != null) {

            response.put("Date of deploy", GlobalVars.date.toString());

        }

        if(globalVars.getBuildDate() != null) {

            response.put("Date of build", globalVars.getBuildDate());

        }

        if (globalVars.getVersion() != null) {

            response.put("Version", globalVars.getVersion());

        }

        return response;

    }

}

package eu.dnetlib.uoaauthorizationlibrary.utils;

import eu.dnetlib.uoaauthorizationlibrary.configuration.SecurityConfig;

import org.apache.log4j.Logger;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.http.*;

import org.springframework.stereotype.Component;

import org.springframework.web.client.RestClientException;

import org.springframework.web.client.RestTemplate;

import javax.servlet.http.Cookie;

import javax.servlet.http.HttpServletRequest;

import java.util.Arrays;

import java.util.Collections;

@Component

public class AuthorizationUtils {

    private final Logger log = Logger.getLogger(this.getClass());

    private final SecurityConfig securityConfig;

    private final static String TOKEN = "AccessToken";

    private final static String SESSION = "OpenAIRESession";

    @Autowired

    AuthorizationUtils(SecurityConfig securityConfig) {

        this.securityConfig = securityConfig;

    }

    private String getToken(HttpServletRequest request) {

        if (request.getCookies() == null) {

            return null;

        }

        for (Cookie c : request.getCookies()) {

            if (c.getName().equals(TOKEN)) {

                return c.getValue();

            }

        }

        return null;

    }

    public UserInfo getUserInfo(HttpServletRequest request) {

        String url = securityConfig.getUserInfoUrl() + (securityConfig.isDeprecated()?getToken(request):"");

        RestTemplate restTemplate = new RestTemplate();

        try {

            if(hasCookie(request)) {

                ResponseEntity<UserInfo> response = restTemplate.exchange(url, HttpMethod.GET, createHeaders(request), UserInfo.class);

                return  response.getBody();

            }

            return null;

        } catch (RestClientException e) {

            log.error(url + ":" + e.getMessage());

            return null;

        }

    }

    private boolean hasCookie(HttpServletRequest request) {

        Cookie[] cookies = request.getCookies();

        if(cookies != null) {

            if (securityConfig.isDeprecated()) {

                return Arrays.stream(cookies).anyMatch(cookie -> cookie.getName().equalsIgnoreCase(TOKEN));

            } else {

                return Arrays.stream(cookies).anyMatch(cookie -> cookie.getName().equalsIgnoreCase(SESSION));

            }

        }

        return false;

    }

    private HttpEntity<HttpHeaders> createHeaders(HttpServletRequest request) {

        HttpHeaders headers = new HttpHeaders();

        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));

        headers.set("Cookie", request.getHeader("Cookie"));

        return new HttpEntity<>(headers);

    }

}

package eu.dnetlib.uoaauthorizationlibrary.utils;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.authority.SimpleGrantedAuthority;

import java.util.HashSet;

import java.util.Set;

public class UserInfo {

    private String sub;

    private String name;

    private String given_name;

    private String family_name;

    private String email;

    private Set<String> roles;

    @Override

    public String toString() {

        return "UserInfo{" +

                "sub='" + sub + '\'' +

                "name='" + name + '\'' +

                ", email='" + email + '\'' +

                ", roles=" + roles +

                '}';

    }

    public String getSub() {

        return sub;

    }

    public void setSub(String sub) {

        this.sub = sub;

    }

    public String getName() {

        return name;

    }

    public void setName(String name) {

        this.name = name;

    }

    public String getGiven_name() {

        return given_name;

    }

    public void setGiven_name(String given_name) {

        this.given_name = given_name;

    }

    public String getFamily_name() {

        return family_name;

    }

    public void setFamily_name(String family_name) {

        this.family_name = family_name;

    }

    public String getEmail() {

        return email;

    }

    public void setEmail(String email) {

        this.email = email;

    }

    public Set<String> getRoles() {

        return roles;

    }

    public void setRoles(Set<String> roles) {

        this.roles = roles;

    }

    public Set<GrantedAuthority> getAuthorities() {

        Set<GrantedAuthority> authorities = new HashSet<>();

        for(String role : roles) {

            authorities.add(new SimpleGrantedAuthority(role));

        }

        return authorities;

    }

}

package eu.dnetlib.uoaauthorizationlibrary.security;

import org.apache.log4j.Logger;

import org.springframework.security.core.Authentication;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.context.SecurityContextHolder;

import org.springframework.stereotype.Component;

import java.util.ArrayList;

import java.util.List;

import java.util.stream.Collectors;

@Component(value = "AuthorizationService")

public class AuthorizationService {

    private final Logger log = Logger.getLogger(this.getClass());

    public final String PORTAL_ADMIN = "PORTAL_ADMINISTRATOR";

    public final String ANONYMOUS_USER = "ROLE_ANONYMOUS";

    public final String REGISTERED_USER = "REGISTERED_USER";

    private String mapType(String type, boolean communityMap) {

        if (type.equals("organization")) {

            type = "institution";

        } else if (type.equals("ri") && communityMap) {

            type = "community";

        }

        return type;

    }

    /**

     * Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT

     */

    public String curator(String type) {

        return "CURATOR_" + mapType(type, true).toUpperCase();

    }

    /**

     * Type = FUNDER | COMMUNITY | INSTITUTION | PROJECT

     * <p>

     * Id = EE, EGI, etc

     */

    public String manager(String type, String id) {

        return mapType(type, true).toUpperCase() + "_" + id.toUpperCase() + "_MANAGER";

    }

    /**

     * Type = FUNDER | COMMUNITY | RI | INSTITUTION | PROJECT

     * <p>

     * Id = EE, EGI, etc

     */

    public String member(String type, String id) {

        return mapType(type, false).toUpperCase() + "_" + id.toUpperCase();

    }

    public boolean isPortalAdmin() {

        return getRoles().stream().anyMatch(authority -> authority.equalsIgnoreCase(PORTAL_ADMIN));

    }

    public boolean isCurator(String type) {

        return getRoles().stream().anyMatch(authority -> authority.equalsIgnoreCase(curator(type)));

    }

    public boolean isManager(String type, String id) {

        return getRoles().stream().anyMatch(authority -> authority.equalsIgnoreCase(manager(type, id)));

    }

    public boolean isMember(String type, String id) {

        return getRoles().stream().anyMatch(authority -> authority.equalsIgnoreCase(member(type, id)));

    }

    public List<String> getRoles() {

        OpenAIREAuthentication authentication = getAuthentication();

        if (authentication != null && authentication.isAuthenticated()) {

            return authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());

        }

        return new ArrayList<>();

    }

    public String getAaiId() {

        OpenAIREAuthentication authentication = getAuthentication();

        if (authentication != null && authentication.isAuthenticated()) {

            return authentication.getUser().getSub();

        }

        return null;

    }

    public String getEmail() {

        OpenAIREAuthentication authentication = getAuthentication();

        if (authentication != null && authentication.isAuthenticated()) {

            return authentication.getUser().getEmail();

        }

        return null;

    }

    private OpenAIREAuthentication getAuthentication() {

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        if(authentication instanceof OpenAIREAuthentication) {

            return (OpenAIREAuthentication) authentication;

        } else {

            return null;

        }

    }

}

package eu.dnetlib.uoaauthorizationlibrary.security;

import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;

import org.apache.log4j.Logger;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.core.context.SecurityContextHolder;

import org.springframework.stereotype.Component;

import javax.servlet.*;

import javax.servlet.http.HttpServletRequest;

import java.io.IOException;

@Component

public class AuthorizationFilter implements Filter {

    private final AuthorizationProvider authorizationProvider;

    private final Logger log = Logger.getLogger(this.getClass());

    @Autowired

    AuthorizationFilter(AuthorizationProvider authorizationProvider) {

        this.authorizationProvider = authorizationProvider;

    }

    @Override

    public void init(FilterConfig filterConfig) throws ServletException {}

    @Override

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException {

        OpenAIREAuthentication auth = authorizationProvider.getAuthentication((HttpServletRequest) req);

        if(auth.isAuthenticated()) {

            SecurityContextHolder.getContext().setAuthentication(auth);

        }

        filterChain.doFilter(req, res);

    }

    @Override

    public void destroy() {

    }

}

package eu.dnetlib.uoaauthorizationlibrary.security;

import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;

import org.springframework.security.config.annotation.SecurityConfigurerAdapter;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.web.DefaultSecurityFilterChain;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class AuthorizationFilterConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {

    private final AuthorizationFilter filter;

    @Override

    public void init(HttpSecurity http) throws Exception {

        http.csrf().disable();

    }

    public AuthorizationFilterConfigurer(AuthorizationFilter filter) {

        this.filter = filter;

    }

    @Override

    public void configure(HttpSecurity http) throws Exception {

        http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);

    }

}

package eu.dnetlib.uoaauthorizationlibrary.security;

import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;

import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

@Component

public class AuthorizationProvider {

    private final AuthorizationUtils utils;

    @Autowired

    AuthorizationProvider(AuthorizationUtils utils) {

        this.utils = utils;

    }

    public OpenAIREAuthentication getAuthentication(HttpServletRequest request) {

            UserInfo user = utils.getUserInfo(request);

            if(user != null) {

                return new OpenAIREAuthentication(user);

            }

            return new OpenAIREAuthentication();

    }

}

package eu.dnetlib.uoaauthorizationlibrary.security;

import org.springframework.context.annotation.Configuration;

import org.springframework.web.servlet.config.annotation.CorsRegistry;

import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration

public class CorsConfig extends WebMvcConfigurerAdapter {

    @Override

    public void addCorsMappings(CorsRegistry registry) {

        registry.addMapping("/**")

                .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS")

                .allowCredentials(true);

    }

}

package eu.dnetlib.uoaauthorizationlibrary.security;

import eu.dnetlib.uoaauthorizationlibrary.utils.UserInfo;

import org.springframework.security.authentication.AbstractAuthenticationToken;

public class OpenAIREAuthentication extends AbstractAuthenticationToken {

    private final UserInfo user;

    public OpenAIREAuthentication() {

        super(null);

        this.user = null;

        setAuthenticated(false);

    }

    public OpenAIREAuthentication(UserInfo user) {

        super(user.getAuthorities());

        this.user = user;

        setAuthenticated(true);

    }

    @Override

    public Object getCredentials() {

        return getUser().getSub();

    }

    @Override

    public Object getPrincipal() {

        return getUser();

    }

    public UserInfo getUser() {

        return user;

    }

}

package eu.dnetlib.uoaauthorizationlibrary.security;

import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.ComponentScan;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.config.http.SessionCreationPolicy;

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)

@EnableWebSecurity

@ComponentScan(basePackages = {"eu.dnetlib.uoaauthorizationlibrary.*"})

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final AuthorizationFilter filter;

    @Autowired

    WebSecurityConfig(AuthorizationFilter filter) {

        this.filter = filter;

    }

    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http.apply(new AuthorizationFilterConfigurer(filter));

        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        http.authorizeRequests().anyRequest().permitAll();

        http.httpBasic().authenticationEntryPoint(new EntryPoint());

    }

}

package eu.dnetlib.uoaauthorizationlibrary.security;

import org.springframework.security.core.AuthenticationException;

import org.springframework.security.web.AuthenticationEntryPoint;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

public class EntryPoint implements AuthenticationEntryPoint {

    @Override

    public void commence(HttpServletRequest request, HttpServletResponse response,

                         AuthenticationException authException) throws IOException {

        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());

    }

}

#dev

authorization.security.userInfoUrl = http://mpagasas.di.uoa.gr:8080/login-service/userInfo

authorization.globalVars.buildDate=@timestampAuthorizationLibrary@

authorization.globalVars.version=@project.version@