oidc implementation

6e9e2f48 · Baptiste Toulemonde · f21ea47e · 6e9e2f48 · 6e9e2f48 · 6e9e2f48
Commit 6e9e2f48 authored 3 years ago by Baptiste Toulemonde
--- a/src/main/java/com/smartharvester/config/SmartHarvesterSecurityConfiguration.java
+++ b/src/main/java/com/smartharvester/config/SmartHarvesterSecurityConfiguration.java
@@ -3,27 +3,37 @@ package com.smartharvester.config;
 import java.io.IOException;
 import java.util.Collections;

+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.smartharvester.controller.SmartHarvesterMappingController;

 @Configuration
 @EnableWebSecurity
+@Order(1)
 public class SmartHarvesterSecurityConfiguration extends WebSecurityConfigurerAdapter {
+	
+	public static final Logger LOGGER = LoggerFactory.getLogger(SmartHarvesterSecurityConfiguration.class);

 	private final ObjectMapper mapper;
 	private final TokenStorage tokenStorage;
@@ -34,23 +44,50 @@ public class SmartHarvesterSecurityConfiguration extends WebSecurityConfigurerAd
 		this.tokenStorage = tokenStorage;
 		this.tokenFilter = tokenFilter;
 	}
+	
+	
+
+	@Override
+	@Bean
+	public AuthenticationManager authenticationManagerBean() throws Exception {
+		return super.authenticationManagerBean();
+	}
+	
+	
+	@Bean
+	public BCryptPasswordEncoder passwordEncoder() {
+	    return new BCryptPasswordEncoder();
+	}
+	
+	void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication auth) throws IOException, ServletException {
+		response.setStatus(HttpServletResponse.SC_OK);
+	}
+

 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
-		http.cors().and().authorizeRequests().antMatchers("/oauth2/**", "/login**").permitAll()
+		http.csrf().disable().cors().and().authorizeRequests().antMatchers("/oauth2/**", "/login**").permitAll()
 		.anyRequest().authenticated()
 		.and()
 		.oauth2Login().authorizationEndpoint().authorizationRequestRepository(new InMemoryRequestRepository())
 		.and()
 		.successHandler(this::successHandler)
 		.and()
-		.exceptionHandling().authenticationEntryPoint(this::authenticationEntryPoint);
+		.exceptionHandling().authenticationEntryPoint(this::authenticationEntryPoint)
+		.and()
+		.logout(cust -> cust.addLogoutHandler(this::logout).logoutSuccessHandler(this::onLogoutSuccess));
 		
 		http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
 	}
 	
+	 private void logout(HttpServletRequest request, HttpServletResponse response,
+             Authentication authentication) {
+     // You can process token here
+     LOGGER.info("Auth token is - " + request.getHeader( "Authorization" ));
+ }
+	
 	@Bean
-	public CorsConfigurationSource corsConfiguration() {
+	public CorsConfigurationSource corsConfigurationSource() {
 		CorsConfiguration config = new CorsConfiguration();
 		config.setAllowedMethods( Collections.singletonList( "*" ) );
        config.setAllowedOrigins( Collections.singletonList( "*" ) );

--- a/src/main/java/com/smartharvester/controller/SmartHarvesterUserController.java
+++ b/src/main/java/com/smartharvester/controller/SmartHarvesterUserController.java
@@ -20,15 +20,16 @@ import org.springframework.data.mongodb.core.MongoTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.web.bind.annotation.*;

+import java.security.Principal;
 import java.util.*;

 @CrossOrigin(origins = "*")
 @RestController
 @Tag(name = "SmartHarvester users", description = "User management")
 @RequestMapping("/harvester/api")
-
 public class SmartHarvesterUserController {

    @Autowired
@@ -40,9 +41,9 @@ public class SmartHarvesterUserController {
    @Autowired
    private UserDaoSevice userService;
    
-    @GetMapping("/username")
-    public String getUserName(@AuthenticationPrincipal(expression = "attributes['name]") String username) {
-    	return username;
+    @GetMapping("/username") 
+    public Principal getUserName(@AuthenticationPrincipal Principal user) {
+    	return user;
    }

    /**

--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -42,7 +42,7 @@ server.error.path=/error
 #9. F2DS Settings Filename
 f2dp.settings.filename=/f2pconf/settings.json

-spring.security.oauth2.client.provider.oidc.issuer-uri=https://iam-pillar.cloud.cnaf.infn.it/.well-known/openid-configuration
+spring.security.oauth2.client.provider.oidc.issuer-uri=https://iam-pillar.cloud.cnaf.infn.it/

 spring.security.oauth2.client.registration.oidc.client-id=a03a6ac2-acfe-4916-9d0f-db874ea94e75
 spring.security.oauth2.client.registration.oidc.client-secret=cLONCJ8MccdHwobCEMSl_sYDJGKpmBxH16SyiRIBx8XeoDa2ZLwzTvF_aVoEeOt3h2sNbZqltRqhfHKeI3g7Dw