Allow setting oauth client password

WebApiFilter takes client_id from path

src/main/java/org/genesys2/server/service/OAuth2ClientDetailsService.java

@@ -33,7 +33,7 @@ public interface OAuth2ClientDetailsService extends ClientDetailsService {
 	Collection<OAuthAccessToken> findTokensByUserUuid(String uuid);
 
 	OAuthClientDetails addClientDetails(String title, String description, String redirectUri, Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds, OAuthClientType clientType);
-	OAuthClientDetails update(OAuthClientDetails clientDetails, String title, String description, String registeredRedirectUris, Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds);
+	OAuthClientDetails update(OAuthClientDetails clientDetails, String title, String description, String clientSecret, String redirectUris, Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds);
 
 	List<OAuthClientDetails> listClientDetails();
 

src/main/java/org/genesys2/server/service/impl/OAuth2ClientDetailsServiceImpl.java

@@ -128,10 +128,11 @@ public class OAuth2ClientDetailsServiceImpl implements OAuth2ClientDetailsServic
 
 	@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#clientDetails, 'WRITE')")
 	@Override
-	public OAuthClientDetails update(OAuthClientDetails clientDetails, String title, String description, String redirectUris,
+	public OAuthClientDetails update(OAuthClientDetails clientDetails, String title, String description, String clientSecret, String redirectUris,
 			Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds) {
 		clientDetails.setTitle(title);
 		clientDetails.setDescription(description);
+		clientDetails.setClientSecret(StringUtils.defaultIfEmpty(clientSecret, null));
 		clientDetails.setRedirectUris(redirectUris);
 		clientDetails.setAccessTokenValiditySeconds(accessTokenValiditySeconds);
 		clientDetails.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);

src/main/java/org/genesys2/server/servlet/controller/OAuthManagementController.java

@@ -148,12 +148,14 @@ public class OAuthManagementController extends BaseController {
 
 	@RequestMapping(value = "/save-client", method = RequestMethod.POST, params = { "id", "action-save" })
 	public String saveExistinClient(Model model, @RequestParam("title") String title, @RequestParam("description") String description,
-			@RequestParam("id") long id, @RequestParam(value = "redirectUris", required = false) String redirectUris,
+			@RequestParam("id") long id, @RequestParam(value = "client_secret", required = false) String clientSecret,
+			@RequestParam(value = "redirectUris", required = false) String redirectUris,
 			@RequestParam("accessTokenValiditySeconds") Integer accessTokenValiditySeconds,
 			@RequestParam("refreshTokenValiditySeconds") Integer refreshTokenValiditySeconds,
 			@RequestParam(value = "clientType", required = false) OAuthClientType clientType) {
 
-		final OAuthClientDetails clientDetails = clientDetailsService.update(clientDetailsService.getClientDetails(id), title, description, redirectUris, accessTokenValiditySeconds, refreshTokenValiditySeconds);
+		final OAuthClientDetails clientDetails = clientDetailsService.update(clientDetailsService.getClientDetails(id), title, description, clientSecret, redirectUris,
+				accessTokenValiditySeconds, refreshTokenValiditySeconds);
 
 		return "redirect:/management/" + clientDetails.getId() + "/edit";
 	}

src/main/java/org/genesys2/server/servlet/controller/webapi/ElasticsearchHelper.java

@@ -36,6 +36,7 @@ import org.apache.http.impl.client.DefaultHttpClient;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.servlet.HandlerMapping;
 
@@ -44,7 +45,7 @@ import org.springframework.web.servlet.HandlerMapping;
  */
 @Controller
 @PreAuthorize("isAuthenticated()")
-@RequestMapping(value = "/webapi/es")
+@RequestMapping(value = "/webapi")
 public class ElasticsearchHelper {
 
 	@Value("${elasticsearch.url}")
@@ -52,16 +53,16 @@ public class ElasticsearchHelper {
 
 	public static final Log LOG = LogFactory.getLog(ElasticsearchHelper.class);
 
-	@RequestMapping("/**")
-	public void relay2(HttpServletRequest request, HttpServletResponse response) throws IOException {
+	@RequestMapping("/{clientId}/es/**")
+	public void relay2(@PathVariable("clientId") String clientId, HttpServletRequest request, HttpServletResponse response) throws IOException {
 		String foo = (String) request.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE);
-		foo = foo.substring("/webapi".length() + 1);
+		foo = foo.substring("/webapi".length() + 1 + clientId.length() + 1 + "es".length() + 1);
 		String queryString = request.getQueryString();
 		String method = request.getMethod();
 		if (LOG.isDebugEnabled()) {
-			LOG.debug("Kibana path: " + foo);
-			LOG.debug("Kibana qs: " + queryString);
-			LOG.debug("Kibana method: " + method);
+			LOG.debug("ES path: " + foo);
+			LOG.debug("ES qs: " + queryString);
+			LOG.debug("ES method: " + method);
 		}
 
 		final HttpClient httpclient = new DefaultHttpClient();
@@ -82,7 +83,9 @@ public class ElasticsearchHelper {
 
 		HttpResponse esResponse = null;
 		try {
-			LOG.info("Proxy " + req);
+			if (LOG.isDebugEnabled()) {
+				LOG.debug("Proxy " + req);
+			}
 			esResponse = httpclient.execute(req);
 			HttpEntity e = esResponse.getEntity();
 			response.setContentType(e.getContentType().getValue());

src/main/java/org/genesys2/server/servlet/filter/WebApiFilter.java

@@ -18,6 +18,8 @@ package org.genesys2.server.servlet.filter;
 
 import java.io.IOException;
 import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -29,7 +31,10 @@ import org.genesys2.server.service.OAuth2ClientDetailsService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 
@@ -37,6 +42,8 @@ import org.springframework.web.filter.OncePerRequestFilter;
 public class WebApiFilter extends OncePerRequestFilter {
 	private static final Logger _logger = LoggerFactory.getLogger(WebApiFilter.class);
 
+	private Pattern webapiUri = Pattern.compile("/webapi/([^@]+@[^/]+)/.+");
+
 	@Autowired
 	private OAuth2ClientDetailsService clientDetailsService;
 
@@ -46,21 +53,47 @@ public class WebApiFilter extends OncePerRequestFilter {
 		String clientSecret = request.getParameter("client_secret");
 		String referrer = request.getHeader("Referer");
 
-		ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
+		if (clientId == null) {
+			String requestURI = request.getRequestURI();
+			if (_logger.isDebugEnabled()) _logger.debug("PATH=" + requestURI);
+
+			Matcher m = webapiUri.matcher(requestURI);
+			if (m.matches()) {
+				clientId = m.group(1);
+				if (_logger.isDebugEnabled())
+					_logger.debug("client_id=" + clientId);
+			}
+		}
 
 		try {
+			if (StringUtils.isBlank(clientId)) {
+				throw new Exception("client_id not provided");
+			}
+
+			ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
+
+			if (clientDetails == null) {
+				throw new Exception("Invalid client_id, client_secret combination");
+			}
+
 			if (StringUtils.isNotBlank(clientDetails.getClientSecret()) && !clientDetails.getClientSecret().equals(clientSecret)) {
 				throw new Exception("Invalid client secret");
 			}
 			if (StringUtils.isBlank(referrer)) {
 				throw new Exception("Referrer not provided by client");
 			}
-			
-			if (! isRegisteredReferrer(referrer, clientDetails.getRegisteredRedirectUri())) {
+
+			if (!isRegisteredReferrer(referrer, clientDetails.getRegisteredRedirectUri())) {
 				throw new Exception("Referrer not registered with client " + referrer);
 			}
 
-			filterChain.doFilter(request, response);
+			Authentication webapiClient = new PreAuthenticatedAuthenticationToken(clientDetails.getClientId(), null, clientDetails.getAuthorities());
+			SecurityContextHolder.getContext().setAuthentication(webapiClient);
+			try {
+				filterChain.doFilter(request, response);
+			} finally {
+				SecurityContextHolder.getContext().setAuthentication(null);
+			}
 
 		} catch (Throwable e) {
 			_logger.warn(e.getMessage());

src/main/resources/spring/spring.properties

@@ -126,4 +126,4 @@ cache.tileserver.max-idle-seconds=0
 cache.tileserver.eviction-policy=LRU
 
 # Connection to Elasticsearch
-elasticsearch.url=http://localhost:9200/
+elasticsearch.url=http://localhost:9200/
\ No newline at end of file

src/main/webapp/WEB-INF/jsp/oauth/edit.jsp

@@ -27,7 +27,7 @@
 		<div class="form-group">
 			<label for="secret" class="col-lg-2 control-label"><spring:message code="oauth-client.secret" /></label>
 			<div class="col-lg-10">
-				<span class="form-control"><c:out value="${clientDetails.clientSecret}" /></span>
+				<input type="text" name="client_secret" class="form-control" value="<c:out value="${clientDetails.clientSecret}" />" />
 			</div>
 		</div>
         <div class="form-group">