From b39b7cf90b5fbc10cc7aad438db6b2f5728cc116 Mon Sep 17 00:00:00 2001
From: Sonia Zorba <sonia.zorba@inaf.it>
Date: Fri, 25 Sep 2020 17:50:24 +0200
Subject: [PATCH] Franco's version support

---
 .../it/inaf/ia2/gms/authn/ClientDbFilter.java | 24 +++++++++++++++++
 .../ia2/gms/authn/CustomIdTokenConverter.java | 5 ++++
 .../it/inaf/ia2/gms/authn/SecurityConfig.java | 9 +++++++
 .../java/it/inaf/ia2/gms/rap/RapClient.java | 27 ++++++++++++++++++-
 gms/src/main/resources/application.properties | 17 ++++++------
 5 files changed, 73 insertions(+), 9 deletions(-)
 create mode 100644 gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java

diff --git a/gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java b/gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java
new file mode 100644
index 0000000..578926c
--- /dev/null
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java
@@ -0,0 +1,24 @@
+package it.inaf.ia2.gms.authn;
+
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+public class ClientDbFilter implements Filter {
+
+ private static final String CLIENT_DB = "client_db";
+
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
+ HttpServletRequest request = (HttpServletRequest) req;
+ String clientDb = request.getParameter(CLIENT_DB);
+ if (clientDb != null) {
+ request.getSession().setAttribute(CLIENT_DB, clientDb);
+ }
+ fc.doFilter(req, res);
+ }
+}
diff --git a/gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java b/gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java
index ee5d1e5..96f262c 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java
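Review bot: The `client_db` request parameter is stored in the session unvalidated at `request.getSession().setAttribute(CLIENT_DB, clientDb);`, and RapClient (later in this patch) copies that attribute verbatim into a `client_db` request header on the call to the RAP service, so any caller can choose the value the upstream service receives — presumably the user database it queries. Validate before storing, e.g. `if (clientDb != null && clientDb.matches("[A-Za-z0-9_-]{1,64}"))`, or check it against a configured allow-list of database names and drop anything else. Note also that `getSession()` creates a session for every request carrying the parameter, including paths outside the security chain, so the attribute should only be set once validation passes. A class comment saying where the value is consumed (`// Stored here, forwarded to RAP by RapClient as the client_db header`) would make the coupling visible to the next reader.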
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java @@ -26,6 +26,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter { String idTokenString = (String) map.get("id_token"); String accessTokenString = (String) map.get("access_token"); + // Needed for Franco's version: access_token is equal to id_token + if (accessTokenString == null) { + accessTokenString = idTokenString; + } + OAuth2AccessToken token = jwkTokenStore.readAccessToken(idTokenString); OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(accessTokenString); String refreshToken = (String) map.get("refresh_token"); diff --git a/gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java b/gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java index aa1dd23..ca50bb8 100644 --- a/gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java +++ b/gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java @@ -75,6 +75,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { web.ignoring().antMatchers("/ws/jwt/**", "/error", "/logout", "/invited-registration", "/help/**"); } + @Bean + public FilterRegistrationBean clientDbFilter() { + FilterRegistrationBean bean = new FilterRegistrationBean(); + bean.setFilter(new ClientDbFilter()); + bean.addUrlPatterns("/*"); + bean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return bean; + } + /** * Checks JWT for web services. */ diff --git a/gms/src/main/java/it/inaf/ia2/gms/rap/RapClient.java b/gms/src/main/java/it/inaf/ia2/gms/rap/RapClient.java index 5d8b2bd..1b3d792 100644 --- a/gms/src/main/java/it/inaf/ia2/gms/rap/RapClient.java +++ b/gms/src/main/java/it/inaf/ia2/gms/rap/RapClient.java 
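Review bot: The fallback `accessTokenString = idTokenString;` applies to every identity provider, not only Franco's version, so any provider that omits `access_token` will silently have its ID token stored as the access token and, as far as I can tell from RapClient's bearer branch, sent on to RAP as a bearer credential; an ID token is an identity assertion addressed to this client, not an authorization grant for the resource server. Consider gating the substitution on an explicit compatibility property (the commit already introduces `rap.ws.basic-auth` for the same purpose) and logging at WARN when it happens, so the behaviour is visible in deployments. The enclosing method begins before this hunk, so I could not see whether `map` is validated earlier.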
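Review bot: `FilterRegistrationBean bean = new FilterRegistrationBean();` uses the raw type; `FilterRegistrationBean<ClientDbFilter> bean = new FilterRegistrationBean<>();` keeps it type-safe. Registering with `Ordered.HIGHEST_PRECEDENCE` and the `/*` pattern puts the filter ahead of the Spring Security chain for every URL, so it also runs (and may create sessions) on the paths `web.ignoring()` excludes just above; a one-line comment stating that this ordering is intentional would help. The imports for `FilterRegistrationBean` and `Ordered` are outside this hunk, so I could not confirm they are present.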
@@ -9,6 +9,10 @@ import java.util.Map; import java.util.Set; import java.util.function.Function; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; +import org.apache.commons.codec.binary.Base64; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.ParameterizedTypeReference; @@ -26,6 +30,8 @@ import org.springframework.web.client.RestTemplate; @Component public class RapClient { + private static final Logger LOG = LoggerFactory.getLogger(RapClient.class); + @Value("${rap.ws-url}") private String rapBaseUrl; @@ -41,6 +47,11 @@ public class RapClient { @Value("${security.oauth2.client.scope}") private String scope; + /* Use basic auth instead of JWT when asking for users + * Needed for Franco's version. */ + @Value("${rap.ws.basic-auth}") + private boolean basicAuth; + @Autowired private HttpServletRequest request; @@ -116,7 +127,21 @@ public class RapClient { HttpHeaders headers = new HttpHeaders(); headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); - if (request.getSession(false) != null) { + + if (basicAuth) { // Franco's version + String auth = clientId + ":" + clientSecret; + String encodedAuth = Base64.encodeBase64String(auth.getBytes()); + headers.add("Authorization", "Basic " + encodedAuth); + + HttpSession session = request.getSession(false); + if (session != null) { + String clientDb = (String) session.getAttribute("client_db"); + if (clientDb != null) { + headers.add("client_db", clientDb); + LOG.debug("client_db=" + clientDb); + } + } + } else if (request.getSession(false) != null) { headers.add("Authorization", "Bearer " + sessionData.getAccessToken()); } else { // from JWT web service diff --git a/gms/src/main/resources/application.properties b/gms/src/main/resources/application.properties index b096d05..c0b7369 100644 
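Review bot: `@Value("${rap.ws.basic-auth}")` has no default, so every existing deployment whose properties lack the new key will fail at bean creation; `@Value("${rap.ws.basic-auth:false}")` keeps the previous bearer-token behaviour as the default. The field comment could also say what the flag changes rather than only why it exists: `/* When true, RAP user lookups authenticate with HTTP Basic (client id/secret) instead of the session's bearer token. */`.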
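Review bot: `auth.getBytes()` encodes the client id and secret with the platform default charset, so the Basic credential depends on the JVM's locale settings; use `auth.getBytes(StandardCharsets.UTF_8)` (with the `java.nio.charset.StandardCharsets` import), and `java.util.Base64.getEncoder().encodeToString(...)` would let the commons-codec import added in the first hunk go. `LOG.debug("client_db=" + clientDb)` should be the parameterised form `LOG.debug("client_db={}", clientDb);`. The value placed in the `client_db` header is the session attribute that ClientDbFilter copies from a request parameter, so whatever validation is done in that filter is the only check before it reaches the RAP call. The enclosing method starts before and continues after this hunk.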
--- a/gms/src/main/resources/application.properties +++ b/gms/src/main/resources/application.properties @@ -6,25 +6,26 @@ server.error.whitelabel.enabled=false security.oauth2.client.client-id=gms security.oauth2.client.client-secret=gms-secret -security.oauth2.client.access-token-uri=http://localhost/rap-ia2/auth/oauth2/token -security.oauth2.client.user-authorization-uri=http://localhost/rap-ia2/auth/oauth2/authorize -security.oauth2.resource.token-info-uri=http://localhost/rap-ia2/auth/oauth2/check_token -security.oauth2.client.scope=openid,email,profile,read:rap -security.oauth2.resource.jwk.key-set-uri=http://localhost/rap-ia2/auth/oidc/jwks +security.oauth2.client.access-token-uri=http://localhost/franco/fake-rap/token.php +security.oauth2.client.user-authorization-uri=http://localhost/franco/fake-rap/index.php +security.oauth2.resource.token-info-uri=http://localhost/franco/fake-rap/check-token.php +security.oauth2.client.scope=openid,email,profile +security.oauth2.resource.jwk.key-set-uri=http://localhost/franco/fake-rap/jwks.php logging.level.it.inaf=TRACE logging.level.org.springframework.security=DEBUG logging.level.org.springframework.jdbc=TRACE logging.level.org.springframework.web=TRACE -spring.datasource.url=jdbc:postgresql://localhost:5432/gms2 +spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/postgres spring.datasource.username=gms spring.datasource.password=gms -rap.ws-url=http://localhost/rap-ia2/ws +rap.ws-url=http://localhost/franco/fake-rap/get-users.php +rap.ws.basic-auth=true support.contact.label=IA2 team support.contact.email=ia2@inaf.it # For development only: spring.profiles.active=dev -cors.allowed.origin=http://localhost:8080 +cors.allowed.origin=http://localhost -- GitLab
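Review bot: These defaults now point the service at `http://localhost/franco/fake-rap/*.php`, the `postgres` database and `rap.ws.basic-auth=true` in the main `application.properties`, which is presumably packaged with the build, so a deployment that does not override every one of these keys will call the fake endpoints with Basic auth. Since `spring.profiles.active=dev` is already set here, the Franco-specific values fit better in an `application-dev.properties` (or a dedicated profile), leaving the previous RAP URLs and `rap.ws.basic-auth=false` as the shipped defaults. A comment above the `rap.ws.*` keys explaining that `rap.ws.basic-auth` switches the user lookup to client-credential Basic auth would also help whoever has to configure a real RAP instance.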