Genesys PGR
Genesys Backend
Commits
e0634ecc
Commit
e0634ecc
authored
Aug 17, 2014
by
Matija Obreza
Allow setting oauth client password
WebApiFilter takes client_id from path
parent
4e2af4ba
Changes
7
src/main/java/org/genesys2/server/service/OAuth2ClientDetailsService.java
...
@@ -33,7 +33,7 @@ public interface OAuth2ClientDetailsService extends ClientDetailsService {
...
@@ -33,7 +33,7 @@ public interface OAuth2ClientDetailsService extends ClientDetailsService {
Collection
<
OAuthAccessToken
>
findTokensByUserUuid
(
String
uuid
);
Collection
<
OAuthAccessToken
>
findTokensByUserUuid
(
String
uuid
);
OAuthClientDetails
addClientDetails
(
String
title
,
String
description
,
String
redirectUri
,
Integer
accessTokenValiditySeconds
,
Integer
refreshTokenValiditySeconds
,
OAuthClientType
clientType
);
OAuthClientDetails
addClientDetails
(
String
title
,
String
description
,
String
redirectUri
,
Integer
accessTokenValiditySeconds
,
Integer
refreshTokenValiditySeconds
,
OAuthClientType
clientType
);
OAuthClientDetails
update
(
OAuthClientDetails
clientDetails
,
String
title
,
String
description
,
String
registeredR
edirectUris
,
Integer
accessTokenValiditySeconds
,
Integer
refreshTokenValiditySeconds
);
OAuthClientDetails
update
(
OAuthClientDetails
clientDetails
,
String
title
,
String
description
,
String
clientSecret
,
String
r
edirectUris
,
Integer
accessTokenValiditySeconds
,
Integer
refreshTokenValiditySeconds
);
List
<
OAuthClientDetails
>
listClientDetails
();
List
<
OAuthClientDetails
>
listClientDetails
();
...
...
src/main/java/org/genesys2/server/service/impl/OAuth2ClientDetailsServiceImpl.java
...
@@ -128,10 +128,11 @@ public class OAuth2ClientDetailsServiceImpl implements OAuth2ClientDetailsServic
...
@@ -128,10 +128,11 @@ public class OAuth2ClientDetailsServiceImpl implements OAuth2ClientDetailsServic
@PreAuthorize
(
"hasRole('ADMINISTRATOR') or hasPermission(#clientDetails, 'WRITE')"
)
@PreAuthorize
(
"hasRole('ADMINISTRATOR') or hasPermission(#clientDetails, 'WRITE')"
)
@Override
@Override
public
OAuthClientDetails
update
(
OAuthClientDetails
clientDetails
,
String
title
,
String
description
,
String
redirectUris
,
public
OAuthClientDetails
update
(
OAuthClientDetails
clientDetails
,
String
title
,
String
description
,
String
clientSecret
,
String
redirectUris
,
Integer
accessTokenValiditySeconds
,
Integer
refreshTokenValiditySeconds
)
{
Integer
accessTokenValiditySeconds
,
Integer
refreshTokenValiditySeconds
)
{
clientDetails
.
setTitle
(
title
);
clientDetails
.
setTitle
(
title
);
clientDetails
.
setDescription
(
description
);
clientDetails
.
setDescription
(
description
);
clientDetails
.
setClientSecret
(
StringUtils
.
defaultIfEmpty
(
clientSecret
,
null
));
clientDetails
.
setRedirectUris
(
redirectUris
);
clientDetails
.
setRedirectUris
(
redirectUris
);
clientDetails
.
setAccessTokenValiditySeconds
(
accessTokenValiditySeconds
);
clientDetails
.
setAccessTokenValiditySeconds
(
accessTokenValiditySeconds
);
clientDetails
.
setRefreshTokenValiditySeconds
(
refreshTokenValiditySeconds
);
clientDetails
.
setRefreshTokenValiditySeconds
(
refreshTokenValiditySeconds
);
...
...
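Review bot: The added `clientDetails.setClientSecret(StringUtils.defaultIfEmpty(clientSecret, null));` turns an empty form field into a null secret, so saving the edit form with the secret box left blank removes the secret from the client. The WebApiFilter section of this commit compares secrets only when the stored one is not blank, so such a client is then accepted on client id and Referer alone; a whitespace-only value is stored as given but is treated the same way there. Consider treating a blank value as "leave unchanged", `if (StringUtils.isNotBlank(clientSecret)) { clientDetails.setClientSecret(clientSecret); }`, and making removal an explicit action; the same value arrives unvalidated from `saveExistinClient` in OAuthManagementController. As far as this hunk shows, the secret is stored exactly as submitted with no hashing, but the rest of `update` lies outside the hunk, so that should be confirmed against the persistence code.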
src/main/java/org/genesys2/server/servlet/controller/OAuthManagementController.java
...
@@ -148,12 +148,14 @@ public class OAuthManagementController extends BaseController {
...
@@ -148,12 +148,14 @@ public class OAuthManagementController extends BaseController {
@RequestMapping
(
value
=
"/save-client"
,
method
=
RequestMethod
.
POST
,
params
=
{
"id"
,
"action-save"
})
@RequestMapping
(
value
=
"/save-client"
,
method
=
RequestMethod
.
POST
,
params
=
{
"id"
,
"action-save"
})
public
String
saveExistinClient
(
Model
model
,
@RequestParam
(
"title"
)
String
title
,
@RequestParam
(
"description"
)
String
description
,
public
String
saveExistinClient
(
Model
model
,
@RequestParam
(
"title"
)
String
title
,
@RequestParam
(
"description"
)
String
description
,
@RequestParam
(
"id"
)
long
id
,
@RequestParam
(
value
=
"redirectUris"
,
required
=
false
)
String
redirectUris
,
@RequestParam
(
"id"
)
long
id
,
@RequestParam
(
value
=
"client_secret"
,
required
=
false
)
String
clientSecret
,
@RequestParam
(
value
=
"redirectUris"
,
required
=
false
)
String
redirectUris
,
@RequestParam
(
"accessTokenValiditySeconds"
)
Integer
accessTokenValiditySeconds
,
@RequestParam
(
"accessTokenValiditySeconds"
)
Integer
accessTokenValiditySeconds
,
@RequestParam
(
"refreshTokenValiditySeconds"
)
Integer
refreshTokenValiditySeconds
,
@RequestParam
(
"refreshTokenValiditySeconds"
)
Integer
refreshTokenValiditySeconds
,
@RequestParam
(
value
=
"clientType"
,
required
=
false
)
OAuthClientType
clientType
)
{
@RequestParam
(
value
=
"clientType"
,
required
=
false
)
OAuthClientType
clientType
)
{
final
OAuthClientDetails
clientDetails
=
clientDetailsService
.
update
(
clientDetailsService
.
getClientDetails
(
id
),
title
,
description
,
redirectUris
,
accessTokenValiditySeconds
,
refreshTokenValiditySeconds
);
final
OAuthClientDetails
clientDetails
=
clientDetailsService
.
update
(
clientDetailsService
.
getClientDetails
(
id
),
title
,
description
,
clientSecret
,
redirectUris
,
accessTokenValiditySeconds
,
refreshTokenValiditySeconds
);
return
"redirect:/management/"
+
clientDetails
.
getId
()
+
"/edit"
;
return
"redirect:/management/"
+
clientDetails
.
getId
()
+
"/edit"
;
}
}
...
...
src/main/java/org/genesys2/server/servlet/controller/webapi/ElasticsearchHelper.java
...
@@ -36,6 +36,7 @@ import org.apache.http.impl.client.DefaultHttpClient;
...
@@ -36,6 +36,7 @@ import org.apache.http.impl.client.DefaultHttpClient;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.web.bind.annotation.PathVariable
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.servlet.HandlerMapping
;
import
org.springframework.web.servlet.HandlerMapping
;
...
@@ -44,7 +45,7 @@ import org.springframework.web.servlet.HandlerMapping;
...
@@ -44,7 +45,7 @@ import org.springframework.web.servlet.HandlerMapping;
*/
*/
@Controller
@Controller
@PreAuthorize
(
"isAuthenticated()"
)
@PreAuthorize
(
"isAuthenticated()"
)
@RequestMapping
(
value
=
"/webapi
/es
"
)
@RequestMapping
(
value
=
"/webapi"
)
public
class
ElasticsearchHelper
{
public
class
ElasticsearchHelper
{
@Value
(
"${elasticsearch.url}"
)
@Value
(
"${elasticsearch.url}"
)
...
@@ -52,16 +53,16 @@ public class ElasticsearchHelper {
...
@@ -52,16 +53,16 @@ public class ElasticsearchHelper {
public
static
final
Log
LOG
=
LogFactory
.
getLog
(
ElasticsearchHelper
.
class
);
public
static
final
Log
LOG
=
LogFactory
.
getLog
(
ElasticsearchHelper
.
class
);
@RequestMapping
(
"/**"
)
@RequestMapping
(
"/
{clientId}/es/
**"
)
public
void
relay2
(
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
IOException
{
public
void
relay2
(
@PathVariable
(
"clientId"
)
String
clientId
,
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
IOException
{
String
foo
=
(
String
)
request
.
getAttribute
(
HandlerMapping
.
PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE
);
String
foo
=
(
String
)
request
.
getAttribute
(
HandlerMapping
.
PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE
);
foo
=
foo
.
substring
(
"/webapi"
.
length
()
+
1
);
foo
=
foo
.
substring
(
"/webapi"
.
length
()
+
1
+
clientId
.
length
()
+
1
+
"es"
.
length
()
+
1
);
String
queryString
=
request
.
getQueryString
();
String
queryString
=
request
.
getQueryString
();
String
method
=
request
.
getMethod
();
String
method
=
request
.
getMethod
();
if
(
LOG
.
isDebugEnabled
())
{
if
(
LOG
.
isDebugEnabled
())
{
LOG
.
debug
(
"
Kibana
path: "
+
foo
);
LOG
.
debug
(
"
ES
path: "
+
foo
);
LOG
.
debug
(
"
Kibana
qs: "
+
queryString
);
LOG
.
debug
(
"
ES
qs: "
+
queryString
);
LOG
.
debug
(
"
Kibana
method: "
+
method
);
LOG
.
debug
(
"
ES
method: "
+
method
);
}
}
final
HttpClient
httpclient
=
new
DefaultHttpClient
();
final
HttpClient
httpclient
=
new
DefaultHttpClient
();
...
@@ -82,7 +83,9 @@ public class ElasticsearchHelper {
...
@@ -82,7 +83,9 @@ public class ElasticsearchHelper {
HttpResponse
esResponse
=
null
;
HttpResponse
esResponse
=
null
;
try
{
try
{
LOG
.
info
(
"Proxy "
+
req
);
if
(
LOG
.
isDebugEnabled
())
{
LOG
.
debug
(
"Proxy "
+
req
);
}
esResponse
=
httpclient
.
execute
(
req
);
esResponse
=
httpclient
.
execute
(
req
);
HttpEntity
e
=
esResponse
.
getEntity
();
HttpEntity
e
=
esResponse
.
getEntity
();
response
.
setContentType
(
e
.
getContentType
().
getValue
());
response
.
setContentType
(
e
.
getContentType
().
getValue
());
...
...
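Review bot: The new offset in `relay2`, `"/webapi".length() + 1 + clientId.length() + 1 + "es".length() + 1`, assumes the decoded `clientId` is exactly as long as that segment in the path attribute and that something always follows `/es/`. A request to `/webapi/{clientId}/es` with no trailing segment appears to still match `/{clientId}/es/**` under Ant-style matching and would make `substring` throw `StringIndexOutOfBoundsException`, and any length mismatch would relay a different Elasticsearch path than the one the caller addressed. Deriving the remainder from the matched pattern is sturdier: `String rest = new AntPathMatcher().extractPathWithinPattern((String) request.getAttribute(HandlerMapping.BEST_MATCHING_PATTERN_ATTRIBUTE), foo);`. `clientId` is otherwise unused in the visible lines, so the handler relies entirely on WebApiFilter and the class-level `isAuthenticated()` for the caller's identity; a comment saying so, and naming which Elasticsearch endpoints are meant to be reachable through the relay, would help. The body of `relay2` continues outside the hunks shown.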
src/main/java/org/genesys2/server/servlet/filter/WebApiFilter.java
...
@@ -18,6 +18,8 @@ package org.genesys2.server.servlet.filter;
...
@@ -18,6 +18,8 @@ package org.genesys2.server.servlet.filter;
import
java.io.IOException
;
import
java.io.IOException
;
import
java.util.Set
;
import
java.util.Set
;
import
java.util.regex.Matcher
;
import
java.util.regex.Pattern
;
import
javax.servlet.FilterChain
;
import
javax.servlet.FilterChain
;
import
javax.servlet.ServletException
;
import
javax.servlet.ServletException
;
...
@@ -29,7 +31,10 @@ import org.genesys2.server.service.OAuth2ClientDetailsService;
...
@@ -29,7 +31,10 @@ import org.genesys2.server.service.OAuth2ClientDetailsService;
import
org.slf4j.Logger
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.security.oauth2.provider.ClientDetails
;
import
org.springframework.security.oauth2.provider.ClientDetails
;
import
org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
;
import
org.springframework.stereotype.Component
;
import
org.springframework.stereotype.Component
;
import
org.springframework.web.filter.OncePerRequestFilter
;
import
org.springframework.web.filter.OncePerRequestFilter
;
...
@@ -37,6 +42,8 @@ import org.springframework.web.filter.OncePerRequestFilter;
...
@@ -37,6 +42,8 @@ import org.springframework.web.filter.OncePerRequestFilter;
public
class
WebApiFilter
extends
OncePerRequestFilter
{
public
class
WebApiFilter
extends
OncePerRequestFilter
{
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
WebApiFilter
.
class
);
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
WebApiFilter
.
class
);
private
Pattern
webapiUri
=
Pattern
.
compile
(
"/webapi/([^@]+@[^/]+)/.+"
);
@Autowired
@Autowired
private
OAuth2ClientDetailsService
clientDetailsService
;
private
OAuth2ClientDetailsService
clientDetailsService
;
...
@@ -46,21 +53,47 @@ public class WebApiFilter extends OncePerRequestFilter {
...
@@ -46,21 +53,47 @@ public class WebApiFilter extends OncePerRequestFilter {
String
clientSecret
=
request
.
getParameter
(
"client_secret"
);
String
clientSecret
=
request
.
getParameter
(
"client_secret"
);
String
referrer
=
request
.
getHeader
(
"Referer"
);
String
referrer
=
request
.
getHeader
(
"Referer"
);
ClientDetails
clientDetails
=
clientDetailsService
.
loadClientByClientId
(
clientId
);
if
(
clientId
==
null
)
{
String
requestURI
=
request
.
getRequestURI
();
if
(
_logger
.
isDebugEnabled
())
_logger
.
debug
(
"PATH="
+
requestURI
);
Matcher
m
=
webapiUri
.
matcher
(
requestURI
);
if
(
m
.
matches
())
{
clientId
=
m
.
group
(
1
);
if
(
_logger
.
isDebugEnabled
())
_logger
.
debug
(
"client_id="
+
clientId
);
}
}
try
{
try
{
if
(
StringUtils
.
isBlank
(
clientId
))
{
throw
new
Exception
(
"client_id not provided"
);
}
ClientDetails
clientDetails
=
clientDetailsService
.
loadClientByClientId
(
clientId
);
if
(
clientDetails
==
null
)
{
throw
new
Exception
(
"Invalid client_id, client_secret combination"
);
}
if
(
StringUtils
.
isNotBlank
(
clientDetails
.
getClientSecret
())
&&
!
clientDetails
.
getClientSecret
().
equals
(
clientSecret
))
{
if
(
StringUtils
.
isNotBlank
(
clientDetails
.
getClientSecret
())
&&
!
clientDetails
.
getClientSecret
().
equals
(
clientSecret
))
{
throw
new
Exception
(
"Invalid client secret"
);
throw
new
Exception
(
"Invalid client secret"
);
}
}
if
(
StringUtils
.
isBlank
(
referrer
))
{
if
(
StringUtils
.
isBlank
(
referrer
))
{
throw
new
Exception
(
"Referrer not provided by client"
);
throw
new
Exception
(
"Referrer not provided by client"
);
}
}
if
(!
isRegisteredReferrer
(
referrer
,
clientDetails
.
getRegisteredRedirectUri
()))
{
if
(!
isRegisteredReferrer
(
referrer
,
clientDetails
.
getRegisteredRedirectUri
()))
{
throw
new
Exception
(
"Referrer not registered with client "
+
referrer
);
throw
new
Exception
(
"Referrer not registered with client "
+
referrer
);
}
}
filterChain
.
doFilter
(
request
,
response
);
Authentication
webapiClient
=
new
PreAuthenticatedAuthenticationToken
(
clientDetails
.
getClientId
(),
null
,
clientDetails
.
getAuthorities
());
SecurityContextHolder
.
getContext
().
setAuthentication
(
webapiClient
);
try
{
filterChain
.
doFilter
(
request
,
response
);
}
finally
{
SecurityContextHolder
.
getContext
().
setAuthentication
(
null
);
}
}
catch
(
Throwable
e
)
{
}
catch
(
Throwable
e
)
{
_logger
.
warn
(
e
.
getMessage
());
_logger
.
warn
(
e
.
getMessage
());
...
...
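Review bot: The `finally` block resets the context with `SecurityContextHolder.getContext().setAuthentication(null)`, which also discards whatever Authentication was present before this filter ran (for example a logged-in session user, depending on filter order). Capture it first with `Authentication previous = SecurityContextHolder.getContext().getAuthentication();` and restore it in the `finally` with `SecurityContextHolder.getContext().setAuthentication(previous);`. The token is created as authenticated with `clientDetails.getAuthorities()` after checks that, for a client with no stored secret, rest on the client id and the `Referer` header, both supplied by the caller; if this is meant as an origin restriction rather than client authentication, a comment saying so would keep downstream code from over-trusting the principal. The secret comparison in the context lines uses `String.equals`; `MessageDigest.isEqual` on the encoded bytes would avoid a timing difference. The method starts above the hunk and the `catch` body continues below it.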
src/main/resources/spring/spring.properties
...
@@ -126,4 +126,4 @@ cache.tileserver.max-idle-seconds=0
...
@@ -126,4 +126,4 @@ cache.tileserver.max-idle-seconds=0
cache.tileserver.eviction-policy
=
LRU
cache.tileserver.eviction-policy
=
LRU
# Connection to Elasticsearch
# Connection to Elasticsearch
elasticsearch.url
=
http://localhost:9200/
elasticsearch.url
=
http://localhost:9200/
\ No newline at end of file
src/main/webapp/WEB-INF/jsp/oauth/edit.jsp
...
@@ -27,7 +27,7 @@
...
@@ -27,7 +27,7 @@
<div
class=
"form-group"
>
<div
class=
"form-group"
>
<label
for=
"secret"
class=
"col-lg-2 control-label"
><spring:message
code=
"oauth-client.secret"
/></label>
<label
for=
"secret"
class=
"col-lg-2 control-label"
><spring:message
code=
"oauth-client.secret"
/></label>
<div
class=
"col-lg-10"
>
<div
class=
"col-lg-10"
>
<
span
class=
"form-control"
>
<c:out
value=
"
${
clientDetails
.
clientSecret
}
"
/>
</span
>
<
input
type=
"text"
name=
"client_secret"
class=
"form-control"
value=
"
<c:out
value=
"
${
clientDetails
.
clientSecret
}
"
/>
"
/
>
</div>
</div>
</div>
</div>
<div
class=
"form-group"
>
<div
class=
"form-group"
>
...
...
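Review bot: The new `<input type="text" name="client_secret" …>` writes the stored secret back into the page as the field's value, so it is shown in clear on screen and remains in the rendered HTML and possibly in browser form history. Prefer `<input type="password" id="secret" name="client_secret" class="form-control" autocomplete="off" />` with no pre-filled value, and have the server keep the existing secret when the field comes back empty; as written, the service change in this commit stores null for an empty field, so the two need to change together. Adding `id="secret"` also gives the existing `<label for="secret">` an element to point at, which the visible lines lack. `<c:out>` escapes the value, so attribute injection is not the concern here.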