diff --git a/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java b/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
index a3b2a8f4c3c586824ecaad0ed62fb075ac3a8532..258cc648701faa5edc39702daeee6010f75b3a10 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
@@ -1,5 +1,13 @@
 package it.inaf.ia2.gms;
 
+import it.inaf.ia2.aa.AuthConfig;
+import it.inaf.ia2.aa.ServiceLocator;
+import it.inaf.ia2.aa.UriCustomizer;
+import it.inaf.ia2.aa.jwt.QueryStringBuilder;
+import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
+import it.inaf.ia2.gms.exception.BadRequestException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Configuration;
@@ -12,5 +20,47 @@ public class GmsApplication {
 
 public static void main(String[] args) {
 SpringApplication.run(GmsApplication.class, args);
+
+ AuthConfig authConfig = ServiceLocator.getInstance().getConfig();
+
+ final String defaultAuthorizationUri = authConfig.getUserAuthorizationUri();
+
+ authConfig.setAuthorizationUriCustomizer(new UriCustomizer() {
+
+ @Override
+ public String getBaseUri(HttpServletRequest req) {
+ // for a better security we should check for allowed redirects
+ String redirect = req.getParameter("redirect");
+ if (redirect != null) {
+ return redirect;
+ }
+ return defaultAuthorizationUri;
+ }
+
+ @Override
+ public void customizeQueryString(HttpServletRequest req, QueryStringBuilder queryStringBuilder) {
+ String clientDb = req.getParameter(CLIENT_DB);
+ if (clientDb == null) {
+ HttpSession session = req.getSession(false);
+ if (session != null) {
+ clientDb = (String) session.getAttribute(CLIENT_DB);
+ }
+ }
+ if (clientDb == null) {
+ throw new BadRequestException("client_db not set");
+ }
+ queryStringBuilder.param(CLIENT_DB, clientDb);
+ }
+ });
+
+ final String defaultAccessTokenUri = authConfig.getAccessTokenUri();
+
+ authConfig.setAccessTokenUriCustomizer(req -> {
+ String redirect = req.getParameter("token_uri");
+ if (redirect != null) {
+ return redirect;
+ }
+ return defaultAccessTokenUri;
+ });
 }
 }
diff --git a/gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java b/gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java
index 578926ce9edcd5efb979699a7c8395ff02821e24..251dd4669ba03152e0571a3b5a326edbf45f2d91 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java
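Review bot: Both customizers return a request parameter unchanged as the endpoint to use — `getBaseUri` returns `redirect` and the access-token customizer returns `token_uri` — so the party that crafts the login request, not the deployment, decides where the browser is redirected and where the authorization code and client credentials are posted; the comment on `getBaseUri` already acknowledges this for the first case and the second is the more serious one. Both values should be accepted only when they match a configured allow-list of endpoints and otherwise fall back to the defaults, using one shared check rather than two copies of the same null-test. A helper along the lines below covers both (`ALLOWED_ENDPOINT_HOSTS` is a placeholder for whatever configuration value the project provides; `java.net.URI` and `java.net.URISyntaxException` need imports). Separately, this setup appears to run only after `SpringApplication.run` returns, so requests handled before the customizers are installed would see the defaults; moving it ahead of `run` or into a bean initializer would close that window.
```java
// Accepts a caller-supplied endpoint only when its host is on the deployment's
// allow-list (ALLOWED_ENDPOINT_HOSTS is a placeholder for that configuration value).
private static String allowedOrDefault(String candidate, String fallback) {
    if (candidate == null) {
        return fallback;
    }
    try {
        URI uri = new URI(candidate);
        if (uri.isAbsolute() && ALLOWED_ENDPOINT_HOSTS.contains(uri.getHost())) {
            return candidate;
        }
    } catch (URISyntaxException ignored) {
        // a malformed value is treated like an absent one
    }
    return fallback;
}

// … unchanged: main up to setAuthorizationUriCustomizer, customizeQueryString …
public String getBaseUri(HttpServletRequest req) {
    return allowedOrDefault(req.getParameter("redirect"), defaultAuthorizationUri);
}
// … unchanged: defaultAccessTokenUri …
authConfig.setAccessTokenUriCustomizer(req -> allowedOrDefault(req.getParameter("token_uri"), defaultAccessTokenUri));
```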
@@ -1,24 +1,43 @@
 package it.inaf.ia2.gms.authn;
 
+import it.inaf.ia2.aa.ServiceLocator;
+import it.inaf.ia2.aa.jwt.JwksClient;
 import java.io.IOException;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 public class ClientDbFilter implements Filter {
 
- private static final String CLIENT_DB = "client_db";
+ public static final String CLIENT_DB = "client_db";
+
+ private String defaultJwksUri;
+ private JwksClient jwksClient;
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ defaultJwksUri = ServiceLocator.getInstance().getConfig().getJwksUri();
+ jwksClient = ServiceLocator.getInstance().getJwksClient();
+ }
 
 @Override
 public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
+
 HttpServletRequest request = (HttpServletRequest) req;
+ HttpServletResponse response = (HttpServletResponse) res;
+
 String clientDb = request.getParameter(CLIENT_DB);
 if (clientDb != null) {
 request.getSession().setAttribute(CLIENT_DB, clientDb);
+ String newUrl = defaultJwksUri.replaceAll("\\?client_name=(.*)", "?client_name=" + clientDb);
+ jwksClient.addJwksUrl(newUrl);
 }
+
 fc.doFilter(req, res);
 }
 }
diff --git a/gms/src/main/java/it/inaf/ia2/gms/controller/HomePageController.java b/gms/src/main/java/it/inaf/ia2/gms/controller/HomePageController.java
index d39135f85d0b59659946b9e2fefcbcb4d4845689..90a02bb60bdf1dc60fbf8bfcf88f3220ca244e8c 100644
--- a/gms/src/main/java/it/inaf/ia2/gms/controller/HomePageController.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/controller/HomePageController.java
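Review bot: `clientDb` is copied straight from the request parameter into the JWKS URL handed to `jwksClient.addJwksUrl`, so any request can register an arbitrary `client_name` value — including extra query parameters, since nothing rejects `&` — as a key source, and the set of registered URLs grows by one per distinct value with nothing bounding it. Restrict the value to the expected shape before it is stored in the session or used, e.g. `if (!clientDb.matches("[A-Za-z0-9_-]+")) { response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid client_db"); return; }`, which also gives the otherwise unused `response` local a purpose, and pass `Matcher.quoteReplacement(clientDb)` to `replaceAll`, whose replacement argument interprets `$` and `\`. `defaultJwksUri` is dereferenced without a null check, so a configuration with no JWKS URI fails with an NPE on the first request carrying `client_db` rather than in `init`, where the problem would be visible at startup; a `Objects.requireNonNull(defaultJwksUri, "jwksUri")` in `init` makes that explicit.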
@@ -1,5 +1,6 @@
 package it.inaf.ia2.gms.controller;
 
+import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
 import it.inaf.ia2.gms.authn.SessionData;
 import it.inaf.ia2.gms.exception.UnauthorizedException;
 import it.inaf.ia2.gms.manager.InvitedRegistrationManager;
@@ -93,8 +94,9 @@ public class HomePageController {
 
 @GetMapping(value = "/logout", produces = MediaType.TEXT_HTML_VALUE)
 public void logout(HttpSession httpSession, HttpServletResponse response) throws IOException {
+ String clientDB = (String) httpSession.getAttribute(CLIENT_DB);
 httpSession.invalidate();
 String baseUrl = ServletUriComponentsBuilder.fromCurrentContextPath().build().toUriString();
- response.sendRedirect(baseUrl);
+ response.sendRedirect(baseUrl + "?client_db=" + clientDB);
 }
 }
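Review bot: `logout` now appends `"?client_db=" + clientDB` unconditionally, so a session that never carried `CLIENT_DB` is redirected to a URL ending in `?client_db=null`, and a stored value containing `&`, `#` or spaces is placed in the query string without encoding. Guard on the attribute and encode it, e.g. `if (clientDB != null) { baseUrl += "?client_db=" + URLEncoder.encode(clientDB, StandardCharsets.UTF_8); }` followed by the original `response.sendRedirect(baseUrl);` (`java.net.URLEncoder` and `java.nio.charset.StandardCharsets` need imports; the `String` charset-name overload is available on older JDKs). The local is spelled `clientDB` here but `clientDb` in `ClientDbFilter` and `GmsApplication`; matching the name used elsewhere in this commit keeps the three sites greppable together.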