Commit e0634ecc authored by Matija Obreza's avatar Matija Obreza

Allow setting oauth client password

WebApiFilter takes client_id from path
parent 4e2af4ba
......@@ -33,7 +33,7 @@ public interface OAuth2ClientDetailsService extends ClientDetailsService {
Collection<OAuthAccessToken> findTokensByUserUuid(String uuid);
OAuthClientDetails addClientDetails(String title, String description, String redirectUri, Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds, OAuthClientType clientType);
OAuthClientDetails update(OAuthClientDetails clientDetails, String title, String description, String registeredRedirectUris, Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds);
OAuthClientDetails update(OAuthClientDetails clientDetails, String title, String description, String clientSecret, String redirectUris, Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds);
List<OAuthClientDetails> listClientDetails();
......
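Review bot: The new `update` overload adds a `clientSecret` parameter with no Javadoc, so a caller cannot tell whether a null or empty value keeps the stored secret or removes it; the implementation on this page (`StringUtils.defaultIfEmpty(clientSecret, null)`) removes it. Document that contract on the interface next to the other parameters, e.g. `@param clientSecret new client secret, or null/empty to clear the stored secret (a client without a secret is no longer secret-checked by WebApiFilter)`. The interface continues on both sides of the hunk.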
......@@ -128,10 +128,11 @@ public class OAuth2ClientDetailsServiceImpl implements OAuth2ClientDetailsServic
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#clientDetails, 'WRITE')")
@Override
public OAuthClientDetails update(OAuthClientDetails clientDetails, String title, String description, String redirectUris,
public OAuthClientDetails update(OAuthClientDetails clientDetails, String title, String description, String clientSecret, String redirectUris,
Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds) {
clientDetails.setTitle(title);
clientDetails.setDescription(description);
clientDetails.setClientSecret(StringUtils.defaultIfEmpty(clientSecret, null));
clientDetails.setRedirectUris(redirectUris);
clientDetails.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
clientDetails.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);
......
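Review bot: `clientDetails.setClientSecret(StringUtils.defaultIfEmpty(clientSecret, null))` turns an empty or missing form value into a cleared secret, and the controller hunk below binds `client_secret` with `required = false`, so any save of the edit form that leaves the field blank silently removes the secret. Since the WebApiFilter hunk on this page skips the secret comparison when the stored secret is blank, that downgrades the client to Referer-only checking without any explicit administrator action. If blank is meant to mean "unchanged", replace the line with `if (StringUtils.isNotBlank(clientSecret)) { clientDetails.setClientSecret(clientSecret); }` and provide a separate, explicit clear action; if blank is meant to clear, state that in the method's Javadoc. The value is stored as received — no encoding step is visible here — which matches the plain `equals` comparison in WebApiFilter, but it is worth confirming that this storage form is intended. The method's closing lines are outside the hunk.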
......@@ -148,12 +148,14 @@ public class OAuthManagementController extends BaseController {
@RequestMapping(value = "/save-client", method = RequestMethod.POST, params = { "id", "action-save" })
public String saveExistinClient(Model model, @RequestParam("title") String title, @RequestParam("description") String description,
@RequestParam("id") long id, @RequestParam(value = "redirectUris", required = false) String redirectUris,
@RequestParam("id") long id, @RequestParam(value = "client_secret", required = false) String clientSecret,
@RequestParam(value = "redirectUris", required = false) String redirectUris,
@RequestParam("accessTokenValiditySeconds") Integer accessTokenValiditySeconds,
@RequestParam("refreshTokenValiditySeconds") Integer refreshTokenValiditySeconds,
@RequestParam(value = "clientType", required = false) OAuthClientType clientType) {
final OAuthClientDetails clientDetails = clientDetailsService.update(clientDetailsService.getClientDetails(id), title, description, redirectUris, accessTokenValiditySeconds, refreshTokenValiditySeconds);
final OAuthClientDetails clientDetails = clientDetailsService.update(clientDetailsService.getClientDetails(id), title, description, clientSecret, redirectUris,
accessTokenValiditySeconds, refreshTokenValiditySeconds);
return "redirect:/management/" + clientDetails.getId() + "/edit";
}
......
......@@ -36,6 +36,7 @@ import org.apache.http.impl.client.DefaultHttpClient;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.HandlerMapping;
......@@ -44,7 +45,7 @@ import org.springframework.web.servlet.HandlerMapping;
*/
@Controller
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/webapi/es")
@RequestMapping(value = "/webapi")
public class ElasticsearchHelper {
@Value("${elasticsearch.url}")
......@@ -52,16 +53,16 @@ public class ElasticsearchHelper {
public static final Log LOG = LogFactory.getLog(ElasticsearchHelper.class);
@RequestMapping("/**")
public void relay2(HttpServletRequest request, HttpServletResponse response) throws IOException {
@RequestMapping("/{clientId}/es/**")
public void relay2(@PathVariable("clientId") String clientId, HttpServletRequest request, HttpServletResponse response) throws IOException {
String foo = (String) request.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE);
foo = foo.substring("/webapi".length() + 1);
foo = foo.substring("/webapi".length() + 1 + clientId.length() + 1 + "es".length() + 1);
String queryString = request.getQueryString();
String method = request.getMethod();
if (LOG.isDebugEnabled()) {
LOG.debug("Kibana path: " + foo);
LOG.debug("Kibana qs: " + queryString);
LOG.debug("Kibana method: " + method);
LOG.debug("ES path: " + foo);
LOG.debug("ES qs: " + queryString);
LOG.debug("ES method: " + method);
}
final HttpClient httpclient = new DefaultHttpClient();
......@@ -82,7 +83,9 @@ public class ElasticsearchHelper {
HttpResponse esResponse = null;
try {
LOG.info("Proxy " + req);
if (LOG.isDebugEnabled()) {
LOG.debug("Proxy " + req);
}
esResponse = httpclient.execute(req);
HttpEntity e = esResponse.getEntity();
response.setContentType(e.getContentType().getValue());
......
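Review bot: `foo.substring("/webapi".length() + 1 + clientId.length() + 1 + "es".length() + 1)` in relay2 reconstructs the matched prefix by arithmetic, which throws StringIndexOutOfBoundsException for a request that matches `/{clientId}/es/**` with nothing after `es` (the `**` also matches zero segments) and yields the wrong tail whenever the decoded path variable and the raw path attribute differ in length. Let Spring extract it instead: `String pattern = (String) request.getAttribute(HandlerMapping.BEST_MATCHING_PATTERN_ATTRIBUTE);` followed by `foo = new AntPathMatcher().extractPathWithinPattern(pattern, foo);` (import `org.springframework.util.AntPathMatcher`), which should give the same `_search`-style tail in the normal case, assuming the path attribute holds the full lookup path as the existing prefix arithmetic already assumes. `clientId` is otherwise unused in the method, so authorization of the proxied Elasticsearch call rests entirely on WebApiFilter — a one-line comment saying so would help the next reader. The body of relay2 continues past the hunk.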
......@@ -18,6 +18,8 @@ package org.genesys2.server.servlet.filter;
import java.io.IOException;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
......@@ -29,7 +31,10 @@ import org.genesys2.server.service.OAuth2ClientDetailsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
......@@ -37,6 +42,8 @@ import org.springframework.web.filter.OncePerRequestFilter;
public class WebApiFilter extends OncePerRequestFilter {
private static final Logger _logger = LoggerFactory.getLogger(WebApiFilter.class);
private Pattern webapiUri = Pattern.compile("/webapi/([^@]+@[^/]+)/.+");
@Autowired
private OAuth2ClientDetailsService clientDetailsService;
......@@ -46,21 +53,47 @@ public class WebApiFilter extends OncePerRequestFilter {
String clientSecret = request.getParameter("client_secret");
String referrer = request.getHeader("Referer");
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
if (clientId == null) {
String requestURI = request.getRequestURI();
if (_logger.isDebugEnabled()) _logger.debug("PATH=" + requestURI);
Matcher m = webapiUri.matcher(requestURI);
if (m.matches()) {
clientId = m.group(1);
if (_logger.isDebugEnabled())
_logger.debug("client_id=" + clientId);
}
}
try {
if (StringUtils.isBlank(clientId)) {
throw new Exception("client_id not provided");
}
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
if (clientDetails == null) {
throw new Exception("Invalid client_id, client_secret combination");
}
if (StringUtils.isNotBlank(clientDetails.getClientSecret()) && !clientDetails.getClientSecret().equals(clientSecret)) {
throw new Exception("Invalid client secret");
}
if (StringUtils.isBlank(referrer)) {
throw new Exception("Referrer not provided by client");
}
if (! isRegisteredReferrer(referrer, clientDetails.getRegisteredRedirectUri())) {
if (!isRegisteredReferrer(referrer, clientDetails.getRegisteredRedirectUri())) {
throw new Exception("Referrer not registered with client " + referrer);
}
filterChain.doFilter(request, response);
Authentication webapiClient = new PreAuthenticatedAuthenticationToken(clientDetails.getClientId(), null, clientDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(webapiClient);
try {
filterChain.doFilter(request, response);
} finally {
SecurityContextHolder.getContext().setAuthentication(null);
}
} catch (Throwable e) {
_logger.warn(e.getMessage());
......
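Review bot: The branch that now mints a PreAuthenticatedAuthenticationToken is gated by `clientDetails.getClientSecret().equals(clientSecret)`, a plain length- and prefix-dependent string comparison; after a null check on `clientSecret`, compare with `MessageDigest.isEqual(clientDetails.getClientSecret().getBytes(StandardCharsets.UTF_8), clientSecret.getBytes(StandardCharsets.UTF_8))` so the check takes the same time regardless of how much of the secret matches. Separately, the path fallback runs `webapiUri.matcher(request.getRequestURI())` with `matches()`, and the request URI includes the servlet context path, so `client_id` is only recovered from the path when the application is deployed at the root context — presumably intended, but stripping `request.getContextPath()` before matching (or a comment stating the assumption) would make it explicit. The `finally` block sets the context's Authentication to null rather than restoring whatever was there before the filter ran; saving `SecurityContextHolder.getContext().getAuthentication()` first and putting it back is the safer shape. doFilterInternal starts before and ends after this hunk.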
......@@ -126,4 +126,4 @@ cache.tileserver.max-idle-seconds=0
cache.tileserver.eviction-policy=LRU
# Connection to Elasticsearch
elasticsearch.url=http://localhost:9200/
\ No newline at end of file
elasticsearch.url=http://localhost:9200/
......@@ -27,7 +27,7 @@
<div class="form-group">
<label for="secret" class="col-lg-2 control-label"><spring:message code="oauth-client.secret" /></label>
<div class="col-lg-10">
<span class="form-control"><c:out value="${clientDetails.clientSecret}" /></span>
<input type="text" name="client_secret" class="form-control" value="<c:out value="${clientDetails.clientSecret}" />" />
</div>
</div>
<div class="form-group">
......
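Review bot: The replaced `<span>` is now `<input type="text" name="client_secret" class="form-control" value="<c:out value="${clientDetails.clientSecret}" />" />`, so the stored secret is sent to the browser in an editable text field on every visit to the edit page and submitted back with every save, where browsers may keep it in form history or autofill. Render the field empty instead — `<input type="password" name="client_secret" class="form-control" value="" autocomplete="new-password" />` — and have the server treat an empty submission as "unchanged"; with the `update` implementation on this page an empty field currently clears the secret, so that server-side change has to accompany this one. The secret was already displayed read-only before this commit, so whether administrators need to see it at all is a product decision; if they do, a separate reveal is preferable to an input that round-trips it.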