Franco's version support

gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java

+package it.inaf.ia2.gms.authn;
+
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+public class ClientDbFilter implements Filter {
+
+    private static final String CLIENT_DB = "client_db";
+
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) req;
+        String clientDb = request.getParameter(CLIENT_DB);
+        if (clientDb != null) {
+            request.getSession().setAttribute(CLIENT_DB, clientDb);
+        }
+        fc.doFilter(req, res);
+    }
+}

gms/src/main/java/it/inaf/ia2/gms/authn/CustomIdTokenConverter.java

@@ -26,6 +26,11 @@ public class CustomIdTokenConverter extends DefaultUserAuthenticationConverter {
         String idTokenString = (String) map.get("id_token");
         String accessTokenString = (String) map.get("access_token");
 
+        // Needed for Franco's version: access_token is equal to id_token
+        if (accessTokenString == null) {
+            accessTokenString = idTokenString;
+        }
+
         OAuth2AccessToken token = jwkTokenStore.readAccessToken(idTokenString);
         OAuth2AccessToken accessToken = jwkTokenStore.readAccessToken(accessTokenString);
         String refreshToken = (String) map.get("refresh_token");

gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java

@@ -75,6 +75,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         web.ignoring().antMatchers("/ws/jwt/**", "/error", "/logout", "/invited-registration", "/help/**");
     }
 
+    @Bean
+    public FilterRegistrationBean clientDbFilter() {
+        FilterRegistrationBean bean = new FilterRegistrationBean();
+        bean.setFilter(new ClientDbFilter());
+        bean.addUrlPatterns("/*");
+        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        return bean;
+    }
+
     /**
      * Checks JWT for web services.
      */

gms/src/main/java/it/inaf/ia2/gms/rap/RapClient.java

@@ -9,6 +9,10 @@ import java.util.Map;
 import java.util.Set;
 import java.util.function.Function;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.apache.commons.codec.binary.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.ParameterizedTypeReference;
@@ -26,6 +30,8 @@ import org.springframework.web.client.RestTemplate;
 @Component
 public class RapClient {
 
+    private static final Logger LOG = LoggerFactory.getLogger(RapClient.class);
+
     @Value("${rap.ws-url}")
     private String rapBaseUrl;
 
@@ -41,6 +47,11 @@ public class RapClient {
     @Value("${security.oauth2.client.scope}")
     private String scope;
 
+    /* Use basic auth instead of JWT when asking for users 
+     * Needed for Franco's version. */
+    @Value("${rap.ws.basic-auth}")
+    private boolean basicAuth;
+
     @Autowired
     private HttpServletRequest request;
 
@@ -116,7 +127,21 @@ public class RapClient {
 
         HttpHeaders headers = new HttpHeaders();
         headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
-        if (request.getSession(false) != null) {
+
+        if (basicAuth) { // Franco's version
+            String auth = clientId + ":" + clientSecret;
+            String encodedAuth = Base64.encodeBase64String(auth.getBytes());
+            headers.add("Authorization", "Basic " + encodedAuth);
+
+            HttpSession session = request.getSession(false);
+            if (session != null) {
+                String clientDb = (String) session.getAttribute("client_db");
+                if (clientDb != null) {
+                    headers.add("client_db", clientDb);
+                    LOG.debug("client_db=" + clientDb);
+                }
+            }
+        } else if (request.getSession(false) != null) {
             headers.add("Authorization", "Bearer " + sessionData.getAccessToken());
         } else {
             // from JWT web service

gms/src/main/resources/application.properties

@@ -6,25 +6,26 @@ server.error.whitelabel.enabled=false
 
 security.oauth2.client.client-id=gms
 security.oauth2.client.client-secret=gms-secret
-security.oauth2.client.access-token-uri=http://localhost/rap-ia2/auth/oauth2/token
-security.oauth2.client.user-authorization-uri=http://localhost/rap-ia2/auth/oauth2/authorize
-security.oauth2.resource.token-info-uri=http://localhost/rap-ia2/auth/oauth2/check_token
-security.oauth2.client.scope=openid,email,profile,read:rap
-security.oauth2.resource.jwk.key-set-uri=http://localhost/rap-ia2/auth/oidc/jwks
+security.oauth2.client.access-token-uri=http://localhost/franco/fake-rap/token.php
+security.oauth2.client.user-authorization-uri=http://localhost/franco/fake-rap/index.php
+security.oauth2.resource.token-info-uri=http://localhost/franco/fake-rap/check-token.php
+security.oauth2.client.scope=openid,email,profile
+security.oauth2.resource.jwk.key-set-uri=http://localhost/franco/fake-rap/jwks.php
 
 logging.level.it.inaf=TRACE
 logging.level.org.springframework.security=DEBUG
 logging.level.org.springframework.jdbc=TRACE
 logging.level.org.springframework.web=TRACE
 
-spring.datasource.url=jdbc:postgresql://localhost:5432/gms2
+spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/postgres
 spring.datasource.username=gms
 spring.datasource.password=gms
 
-rap.ws-url=http://localhost/rap-ia2/ws
+rap.ws-url=http://localhost/franco/fake-rap/get-users.php
+rap.ws.basic-auth=true
 support.contact.label=IA2 team
 support.contact.email=ia2@inaf.it
 
 # For development only:
 spring.profiles.active=dev
-cors.allowed.origin=http://localhost:8080
+cors.allowed.origin=http://localhost