From 6e9e2f489fbe84d57fac517ba8f21ff97cfd00af Mon Sep 17 00:00:00 2001
From: Baptiste Toulemonde <toulemonde@cines.fr>
Date: Thu, 25 Nov 2021 14:09:12 +0100
Subject: [PATCH] oidc implementation
---
 .../SmartHarvesterSecurityConfiguration.java | 43 +++++++++++++++++--
 .../SmartHarvesterUserController.java | 9 ++--
 src/main/resources/application.properties | 2 +-
 3 files changed, 46 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/smartharvester/config/SmartHarvesterSecurityConfiguration.java b/src/main/java/com/smartharvester/config/SmartHarvesterSecurityConfiguration.java
index a729bbf..5471ad2 100644
--- a/src/main/java/com/smartharvester/config/SmartHarvesterSecurityConfiguration.java
+++ b/src/main/java/com/smartharvester/config/SmartHarvesterSecurityConfiguration.java
@@ -3,27 +3,37 @@ package com.smartharvester.config;
 import java.io.IOException;
 import java.util.Collections;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.smartharvester.controller.SmartHarvesterMappingController;
 @Configuration
 @EnableWebSecurity
+@Order(1)
 public class SmartHarvesterSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+ public static final Logger LOGGER = LoggerFactory.getLogger(SmartHarvesterSecurityConfiguration.class);
 private final ObjectMapper mapper;
 private final TokenStorage tokenStorage;
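Review bot: `public static final Logger LOGGER` on the new class-level line should be `private static final Logger LOGGER`; nothing outside the configuration needs to log through it, and exposing it widens the class's surface for no reason. The new `import com.smartharvester.controller.SmartHarvesterMappingController;` is not referenced anywhere in the visible hunks; if it is in fact unused, drop it, since a security configuration that depends on a controller class inverts the layering and only adds an unused-import warning. The class body continues past the end of this hunk.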
@@ -34,23 +44,50 @@ public class SmartHarvesterSecurityConfiguration extends WebSecurityConfigurerAd this.tokenStorage = tokenStorage; this.tokenFilter = tokenFilter; } + + + + @Override + @Bean + public AuthenticationManager authenticationManagerBean() throws Exception { + return super.authenticationManagerBean(); + } + + + @Bean + public BCryptPasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + + void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication auth) throws IOException, ServletException { + response.setStatus(HttpServletResponse.SC_OK); + } + @Override protected void configure(HttpSecurity http) throws Exception { - http.cors().and().authorizeRequests().antMatchers("/oauth2/**", "/login**").permitAll() + http.csrf().disable().cors().and().authorizeRequests().antMatchers("/oauth2/**", "/login**").permitAll() .anyRequest().authenticated() .and() .oauth2Login().authorizationEndpoint().authorizationRequestRepository(new InMemoryRequestRepository()) .and() .successHandler(this::successHandler) .and() - .exceptionHandling().authenticationEntryPoint(this::authenticationEntryPoint); + .exceptionHandling().authenticationEntryPoint(this::authenticationEntryPoint) + .and() + .logout(cust -> cust.addLogoutHandler(this::logout).logoutSuccessHandler(this::onLogoutSuccess)); http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class); } + private void logout(HttpServletRequest request, HttpServletResponse response, + Authentication authentication) { + // You can process token here + LOGGER.info("Auth token is - " + request.getHeader( "Authorization" )); + } + @Bean - public CorsConfigurationSource corsConfiguration() { + public CorsConfigurationSource corsConfigurationSource() { CorsConfiguration config = new CorsConfiguration(); config.setAllowedMethods( Collections.singletonList( "*" ) ); config.setAllowedOrigins( Collections.singletonList( "*" ) ); 
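Review bot: The new `logout` handler writes the raw `Authorization` header to the log at INFO (`LOGGER.info("Auth token is - " + request.getHeader( "Authorization" ))`), which puts bearer credentials into log files and whatever collects them; log only a non-secret identifier, e.g. `LOGGER.info("Logout for {}", authentication != null ? authentication.getName() : "anonymous");`, and if the token is meant to be revoked here, do that against `tokenStorage` instead of leaving the "You can process token here" placeholder. Separately, `http.csrf().disable()` is introduced while the same chain keeps session-based `oauth2Login()` and the `corsConfigurationSource` below allows every origin and method, so a cross-site page can drive state-changing requests with the victim's session cookie; unless every protected endpoint is reached only through the bearer `tokenFilter`, keep CSRF enabled and exempt just the token-authenticated paths with `csrf().ignoringAntMatchers(...)`. `corsConfigurationSource` continues past the end of the hunk.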
diff --git a/src/main/java/com/smartharvester/controller/SmartHarvesterUserController.java b/src/main/java/com/smartharvester/controller/SmartHarvesterUserController.java
index 3de6794..bcfe474 100644
--- a/src/main/java/com/smartharvester/controller/SmartHarvesterUserController.java
+++ b/src/main/java/com/smartharvester/controller/SmartHarvesterUserController.java
@@ -20,15 +20,16 @@ import org.springframework.data.mongodb.core.MongoTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.web.bind.annotation.*;
+import java.security.Principal;
 import java.util.*;
 @CrossOrigin(origins = "*")
 @RestController
 @Tag(name = "SmartHarvester users", description = "User management")
 @RequestMapping("/harvester/api")
-
 public class SmartHarvesterUserController {
 @Autowired
@@ -40,9 +41,9 @@ public class SmartHarvesterUserController {
 @Autowired
 private UserDaoSevice userService;
- @GetMapping("/username")
- public String getUserName(@AuthenticationPrincipal(expression = "attributes['name]") String username) {
- return username;
+ @GetMapping("/username")
+ public Principal getUserName(@AuthenticationPrincipal Principal user) {
+ return user;
 }
 /**
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 3aadf4e..13a3693 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
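Review bot: `getUserName` now returns the whole `Principal` object, so for an OIDC login Jackson serializes the full OIDC user with every claim and the ID token value to the caller, which is far more than the username the endpoint name promises. Return only the attribute that was intended: `public String getUserName(@AuthenticationPrincipal OAuth2User user) {` / `return user.getAttribute("name");` — this also uses the `OAuth2User` import added in the first hunk, which is otherwise unused in the visible code. If the `tokenFilter` from the security configuration installs a principal that is not an `OAuth2User` (not visible here), handle that case explicitly rather than falling back to returning the object.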
@@ -42,7 +42,7 @@ server.error.path=/error
 #9. F2DS Settings Filename
 f2dp.settings.filename=/f2pconf/settings.json
-spring.security.oauth2.client.provider.oidc.issuer-uri=https://iam-pillar.cloud.cnaf.infn.it/.well-known/openid-configuration
+spring.security.oauth2.client.provider.oidc.issuer-uri=https://iam-pillar.cloud.cnaf.infn.it/
 spring.security.oauth2.client.registration.oidc.client-id=a03a6ac2-acfe-4916-9d0f-db874ea94e75
 spring.security.oauth2.client.registration.oidc.client-secret=cLONCJ8MccdHwobCEMSl_sYDJGKpmBxH16SyiRIBx8XeoDa2ZLwzTvF_aVoEeOt3h2sNbZqltRqhfHKeI3g7Dw
-- GitLab
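Review bot: The OIDC `client-secret` sits in plain text in `application.properties` two lines below the changed `issuer-uri`; it is not touched by this commit but is now in repository history, so it should be treated as compromised, rotated at the provider, and read from the environment instead: `spring.security.oauth2.client.registration.oidc.client-secret=${OIDC_CLIENT_SECRET}`. On the changed line itself, Spring validates the ID token's `iss` claim against `issuer-uri` by exact string comparison, so the trailing slash has to agree with the `issuer` value the provider publishes in its discovery document; worth confirming against the provider's `.well-known/openid-configuration` rather than assuming, since a mismatch fails every login at token validation.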