Franco's version support

c9de87da · Sonia Zorba · dc98f654 · c9de87da · c9de87da · c9de87da
Commit c9de87da authored 4 years ago by Sonia Zorba
--- a/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
 package it.inaf.ia2.gms;
+import it.inaf.ia2.aa.AuthConfig;
+import it.inaf.ia2.aa.ServiceLocator;
+import it.inaf.ia2.aa.UriCustomizer;
+import it.inaf.ia2.aa.jwt.QueryStringBuilder;
+import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
+import it.inaf.ia2.gms.exception.BadRequestException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Configuration;
@@ -12,5 +20,47 @@ public class GmsApplication {
    public static void main(String[] args) {
        SpringApplication.run(GmsApplication.class, args);
+        AuthConfig authConfig = ServiceLocator.getInstance().getConfig();
+        final String defaultAuthorizationUri = authConfig.getUserAuthorizationUri();
+        authConfig.setAuthorizationUriCustomizer(new UriCustomizer() {
+            @Override
+            public String getBaseUri(HttpServletRequest req) {
+                // for a better security we should check for allowed redirects
+                String redirect = req.getParameter("redirect");
+                if (redirect != null) {
+                    return redirect;
+                }
+                return defaultAuthorizationUri;
+            }
+            @Override
+            public void customizeQueryString(HttpServletRequest req, QueryStringBuilder queryStringBuilder) {
+                String clientDb = req.getParameter(CLIENT_DB);
+                if (clientDb == null) {
+                    HttpSession session = req.getSession(false);
+                    if (session != null) {
+                        clientDb = (String) session.getAttribute(CLIENT_DB);
+                    }
+                }
+                if (clientDb == null) {
+                    throw new BadRequestException("client_db not set");
+                }
+                queryStringBuilder.param(CLIENT_DB, clientDb);
+            }
+        });
+        final String defaultAccessTokenUri = authConfig.getAccessTokenUri();
+        authConfig.setAccessTokenUriCustomizer(req -> {
+            String redirect = req.getParameter("token_uri");
+            if (redirect != null) {
+                return redirect;
+            }
+            return defaultAccessTokenUri;
+        });
    }
 }
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/ClientDbFilter.java
 package it.inaf.ia2.gms.authn;
+import it.inaf.ia2.aa.ServiceLocator;
+import it.inaf.ia2.aa.jwt.JwksClient;
 import java.io.IOException;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 public class ClientDbFilter implements Filter {
-    private static final String CLIENT_DB = "client_db";
+    public static final String CLIENT_DB = "client_db";
+    private String defaultJwksUri;
+    private JwksClient jwksClient;
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        defaultJwksUri = ServiceLocator.getInstance().getConfig().getJwksUri();
+        jwksClient = ServiceLocator.getInstance().getJwksClient();
+    }
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
+        HttpServletResponse response = (HttpServletResponse) res;
        String clientDb = request.getParameter(CLIENT_DB);
        if (clientDb != null) {
            request.getSession().setAttribute(CLIENT_DB, clientDb);
+            String newUrl = defaultJwksUri.replaceAll("\\?client_name=(.*)", "?client_name=" + clientDb);
+            jwksClient.addJwksUrl(newUrl);
        }
        fc.doFilter(req, res);
    }
 }
--- a/gms/src/main/java/it/inaf/ia2/gms/controller/HomePageController.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/controller/HomePageController.java
 package it.inaf.ia2.gms.controller;
+import static it.inaf.ia2.gms.authn.ClientDbFilter.CLIENT_DB;
 import it.inaf.ia2.gms.authn.SessionData;
 import it.inaf.ia2.gms.exception.UnauthorizedException;
 import it.inaf.ia2.gms.manager.InvitedRegistrationManager;
@@ -93,8 +94,9 @@ public class HomePageController {
    @GetMapping(value = "/logout", produces = MediaType.TEXT_HTML_VALUE)
    public void logout(HttpSession httpSession, HttpServletResponse response) throws IOException {
+        String clientDB = (String) httpSession.getAttribute(CLIENT_DB);
        httpSession.invalidate();
        String baseUrl = ServletUriComponentsBuilder.fromCurrentContextPath().build().toUriString();
-        response.sendRedirect(baseUrl);
+        response.sendRedirect(baseUrl + "?client_db=" + clientDB);
    }
 }