refactor: 💡 Refactored Perun filters as auth_proc filters
parent
cc4add710d
commit
cf358dc2dc
|
@ -489,7 +489,7 @@
|
||||||
|
|
||||||
<bean id="oidcTokenService" class="cz.muni.ics.oidc.server.PerunOIDCTokenService" primary="true"/>
|
<bean id="oidcTokenService" class="cz.muni.ics.oidc.server.PerunOIDCTokenService" primary="true"/>
|
||||||
|
|
||||||
<bean id="callPerunFiltersFilter" class="cz.muni.ics.oidc.server.filters.CallPerunFiltersFilter"/>
|
<bean id="authProcFilters" class="cz.muni.ics.oidc.server.filters.AuthProcFiltersContainer"/>
|
||||||
|
|
||||||
<bean id="htmlClasses" class="cz.muni.ics.oidc.web.WebHtmlClasses">
|
<bean id="htmlClasses" class="cz.muni.ics.oidc.web.WebHtmlClasses">
|
||||||
<constructor-arg name="perunOidcConfig" ref="perunOidcConfig"/>
|
<constructor-arg name="perunOidcConfig" ref="perunOidcConfig"/>
|
||||||
|
|
|
@ -251,7 +251,7 @@
|
||||||
<security:custom-filter ref="clearSessionFilter" after="CHANNEL_FILTER"/>
|
<security:custom-filter ref="clearSessionFilter" after="CHANNEL_FILTER"/>
|
||||||
<security:custom-filter ref="samlFilter" before="CSRF_FILTER"/>
|
<security:custom-filter ref="samlFilter" before="CSRF_FILTER"/>
|
||||||
<security:custom-filter ref="samlFilter" after="BASIC_AUTH_FILTER"/>
|
<security:custom-filter ref="samlFilter" after="BASIC_AUTH_FILTER"/>
|
||||||
<security:custom-filter ref="callPerunFiltersFilter" before="LAST"/>
|
<security:custom-filter ref="authProcFilters" before="LAST"/>
|
||||||
<security:logout logout-url="/saml/logout"/>
|
<security:logout logout-url="/saml/logout"/>
|
||||||
</security:http>
|
</security:http>
|
||||||
|
|
||||||
|
|
|
@ -1,20 +1,14 @@
|
||||||
package cz.muni.ics.oidc.server.filters;
|
package cz.muni.ics.oidc.server.filters;
|
||||||
|
|
||||||
import static cz.muni.ics.oidc.server.filters.PerunFilterConstants.AUTHORIZE_REQ_PATTERN;
|
|
||||||
import static cz.muni.ics.oidc.server.filters.PerunFilterConstants.DEVICE_APPROVE_REQ_PATTERN;
|
|
||||||
import static cz.muni.ics.oidc.server.filters.PerunFilterConstants.DEVICE_CHECK_CODE_REQ_PATTERN;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.security.Principal;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import javax.servlet.ServletRequest;
|
|
||||||
import javax.servlet.ServletResponse;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import javax.servlet.http.HttpSession;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
||||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Abstract class for Perun filters. All filters called in CallPerunFiltersFilter has to extend this.
|
* Abstract class for Perun filters. All filters called in CallPerunFiltersFilter has to extend this.
|
||||||
|
@ -39,7 +33,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||||
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public abstract class PerunRequestFilter {
|
public abstract class AuthProcFilter {
|
||||||
|
|
||||||
private static final String DELIMITER = ",";
|
private static final String DELIMITER = ",";
|
||||||
private static final String CLIENT_IDS = "clientIds";
|
private static final String CLIENT_IDS = "clientIds";
|
||||||
|
@ -49,7 +43,7 @@ public abstract class PerunRequestFilter {
|
||||||
private Set<String> clientIds = new HashSet<>();
|
private Set<String> clientIds = new HashSet<>();
|
||||||
private Set<String> subs = new HashSet<>();
|
private Set<String> subs = new HashSet<>();
|
||||||
|
|
||||||
public PerunRequestFilter(PerunRequestFilterParams params) {
|
public AuthProcFilter(PerunRequestFilterParams params) {
|
||||||
filterName = params.getFilterName();
|
filterName = params.getFilterName();
|
||||||
|
|
||||||
if (params.hasProperty(CLIENT_IDS)) {
|
if (params.hasProperty(CLIENT_IDS)) {
|
||||||
|
@ -65,6 +59,8 @@ public abstract class PerunRequestFilter {
|
||||||
log.debug("{} - skip execution for clients with CLIENT_ID in: {}", filterName, clientIds);
|
log.debug("{} - skip execution for clients with CLIENT_ID in: {}", filterName, clientIds);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected abstract String getSessionAppliedParamName();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* In this method is done whole logic of filer
|
* In this method is done whole logic of filer
|
||||||
*
|
*
|
||||||
|
@ -73,31 +69,51 @@ public abstract class PerunRequestFilter {
|
||||||
* @return boolean if filter was successfully done
|
* @return boolean if filter was successfully done
|
||||||
* @throws IOException this exception could be thrown because of failed or interrupted I/O operation
|
* @throws IOException this exception could be thrown because of failed or interrupted I/O operation
|
||||||
*/
|
*/
|
||||||
protected abstract boolean process(ServletRequest request, ServletResponse response, FilterParams params)
|
protected abstract boolean process(HttpServletRequest request, HttpServletResponse response, FilterParams params)
|
||||||
throws IOException;
|
throws IOException;
|
||||||
|
|
||||||
public boolean doFilter(ServletRequest req, ServletResponse res, FilterParams params) throws IOException {
|
public boolean doFilter(HttpServletRequest req, HttpServletResponse res, FilterParams params) throws IOException {
|
||||||
HttpServletRequest request = (HttpServletRequest) req;
|
if (!skip(req)) {
|
||||||
if (!skip(request)) {
|
|
||||||
log.trace("{} - executing filter", filterName);
|
log.trace("{} - executing filter", filterName);
|
||||||
return this.process(req, res, params);
|
return process(req, res, params);
|
||||||
} else {
|
} else {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean skip(HttpServletRequest request) {
|
private boolean skip(HttpServletRequest request) {
|
||||||
String sub = (request.getUserPrincipal() != null) ? request.getUserPrincipal().getName() : null;
|
if (hasBeenApplied(request.getSession(true))) {
|
||||||
String clientId = request.getParameter(PerunFilterConstants.PARAM_CLIENT_ID);
|
return true;
|
||||||
|
}
|
||||||
|
log.debug("{} - marking filter as applied", filterName);
|
||||||
|
request.getSession(true).setAttribute(getSessionAppliedParamName(), true);
|
||||||
|
return skipForSub(request.getUserPrincipal())
|
||||||
|
|| skipForClientId(request.getParameter(PerunFilterConstants.PARAM_CLIENT_ID));
|
||||||
|
}
|
||||||
|
|
||||||
|
private boolean hasBeenApplied(HttpSession sess) {
|
||||||
|
String sessionParamName = getSessionAppliedParamName();
|
||||||
|
if (sess.getAttribute(sessionParamName) != null) {
|
||||||
|
log.debug("{} - skip filter execution: filter has been already applied", filterName);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
private boolean skipForSub(Principal p) {
|
||||||
|
String sub = (p != null) ? p.getName() : null;
|
||||||
if (sub != null && subs.contains(sub)) {
|
if (sub != null && subs.contains(sub)) {
|
||||||
log.debug("{} - skip filter execution: matched one of the ignored SUBS ({})", filterName, sub);
|
log.debug("{} - skip filter execution: matched one of the ignored SUBS ({})", filterName, sub);
|
||||||
return true;
|
return true;
|
||||||
} else if (clientId != null && clientIds.contains(clientId)){
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
private boolean skipForClientId(String clientId) {
|
||||||
|
if (clientId != null && clientIds.contains(clientId)){
|
||||||
log.debug("{} - skip filter execution: matched one of the ignored CLIENT_IDS ({})", filterName, clientId);
|
log.debug("{} - skip filter execution: matched one of the ignored CLIENT_IDS ({})", filterName, clientId);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
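Review bot: In the new `skip()`, the attribute named by `getSessionAppliedParamName()` is written before `process()` runs and whatever it returns, so a filter that answers `false` (redirect or denial) is still recorded as applied and `hasBeenApplied()` skips it for the next matching request in that session. The key is a single constant per filter class (the `APPLIED` fields added in PerunAuthorizationFilter, PerunEnsureVoMember, PerunForceAupFilter, PerunIsCesnetEligibleFilter and PerunIsTestSpFilter), so a check that ran for one client or scope also suppresses the check for a different client later in the same session. Unless these attributes are cleared elsewhere, which this page does not show, a repeated request is no longer subject to the authorization, VO-membership or AUP checks. I would set the flag in `doFilter` only after `process()` returns `true`, and scope the key by client_id or clear it when the authorization flow completes.

```java
public boolean doFilter(HttpServletRequest req, HttpServletResponse res, FilterParams params) throws IOException {
    if (skip(req)) {
        return true;
    }
    log.trace("{} - executing filter", filterName);
    boolean passed = process(req, res, params);
    if (passed) {
        // record the filter as applied only once its check has actually succeeded
        log.debug("{} - marking filter as applied", filterName);
        req.getSession(true).setAttribute(getSessionAppliedParamName(), true);
    }
    return passed;
}

private boolean skip(HttpServletRequest request) {
    // no session write here: the skip decision must not depend on a check that has not run yet
    return hasBeenApplied(request.getSession(true))
            || skipForSub(request.getUserPrincipal())
            || skipForClientId(request.getParameter(PerunFilterConstants.PARAM_CLIENT_ID));
}
// … unchanged: hasBeenApplied, skipForSub, skipForClientId …
```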
|
@ -16,10 +16,12 @@ import java.util.List;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
import javax.annotation.PostConstruct;
|
import javax.annotation.PostConstruct;
|
||||||
import javax.servlet.FilterChain;
|
import javax.servlet.FilterChain;
|
||||||
|
import javax.servlet.GenericFilter;
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletRequest;
|
||||||
import javax.servlet.ServletResponse;
|
import javax.servlet.ServletResponse;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
|
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
|
||||||
|
@ -36,7 +38,7 @@ import org.springframework.web.filter.GenericFilterBean;
|
||||||
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class CallPerunFiltersFilter extends GenericFilterBean {
|
public class AuthProcFiltersContainer extends GenericFilterBean {
|
||||||
|
|
||||||
private static final RequestMatcher AUTHORIZE_MATCHER = new AntPathRequestMatcher(AUTHORIZE_REQ_PATTERN);
|
private static final RequestMatcher AUTHORIZE_MATCHER = new AntPathRequestMatcher(AUTHORIZE_REQ_PATTERN);
|
||||||
private static final RequestMatcher AUTHORIZE_ALL_MATCHER = new AntPathRequestMatcher(AUTHORIZE_REQ_PATTERN + "/**");
|
private static final RequestMatcher AUTHORIZE_ALL_MATCHER = new AntPathRequestMatcher(AUTHORIZE_REQ_PATTERN + "/**");
|
||||||
|
@ -74,13 +76,15 @@ public class CallPerunFiltersFilter extends GenericFilterBean {
|
||||||
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
|
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
|
||||||
throws IOException, ServletException
|
throws IOException, ServletException
|
||||||
{
|
{
|
||||||
HttpServletRequest request = (HttpServletRequest) servletRequest;
|
HttpServletRequest req = (HttpServletRequest) servletRequest;
|
||||||
if (!MATCHER.matches(request)) {
|
HttpServletResponse res = (HttpServletResponse) servletResponse;
|
||||||
log.debug("Custom filters have been skipped, did not match '/authorize' nor '/device/code' request");
|
if (!MATCHER.matches(req)) {
|
||||||
|
log.debug("Custom filters have been skipped, did not match '{}' nor '{}' request", AUTHORIZE_MATCHER,
|
||||||
|
AUTHORIZE_REQ_PATTERN);
|
||||||
} else {
|
} else {
|
||||||
List<PerunRequestFilter> filters = perunFiltersContext.getFilters();
|
List<AuthProcFilter> filters = perunFiltersContext.getFilters();
|
||||||
if (filters != null && !filters.isEmpty()) {
|
if (filters != null && !filters.isEmpty()) {
|
||||||
ClientDetailsEntity client = FiltersUtils.extractClientFromRequest(request, authRequestFactory,
|
ClientDetailsEntity client = FiltersUtils.extractClientFromRequest(req, authRequestFactory,
|
||||||
clientDetailsEntityService);
|
clientDetailsEntityService);
|
||||||
Facility facility = null;
|
Facility facility = null;
|
||||||
if (client != null && StringUtils.hasText(client.getClientId())) {
|
if (client != null && StringUtils.hasText(client.getClientId())) {
|
||||||
|
@ -88,20 +92,20 @@ public class CallPerunFiltersFilter extends GenericFilterBean {
|
||||||
facility = perunAdapter.getFacilityByClientId(client.getClientId());
|
facility = perunAdapter.getFacilityByClientId(client.getClientId());
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
log.warn("{} - could not fetch facility for client_id '{}'",
|
log.warn("{} - could not fetch facility for client_id '{}'",
|
||||||
CallPerunFiltersFilter.class.getSimpleName(), client.getClientId(), e);
|
AuthProcFiltersContainer.class.getSimpleName(), client.getClientId(), e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
PerunUser user = FiltersUtils.getPerunUser(request, perunAdapter,
|
PerunUser user = FiltersUtils.getPerunUser(req, perunAdapter,
|
||||||
samlProperties.getUserIdentifierAttribute());
|
samlProperties.getUserIdentifierAttribute());
|
||||||
FilterParams params = new FilterParams(client, facility, user);
|
FilterParams params = new FilterParams(client, facility, user);
|
||||||
for (PerunRequestFilter filter : filters) {
|
for (AuthProcFilter filter : filters) {
|
||||||
if (!filter.doFilter(servletRequest, servletResponse, params)) {
|
if (!filter.doFilter(req, res, params)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
filterChain.doFilter(servletRequest, servletResponse);
|
filterChain.doFilter(req, res);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
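Review bot: The rewritten debug message in `doFilter` fills both placeholders from the authorize side, `AUTHORIZE_MATCHER` (a `RequestMatcher`, so its `toString()`) and `AUTHORIZE_REQ_PATTERN`, whereas the text it replaces named '/authorize' and '/device/code'. The second argument should presumably be the device pattern constant that `MATCHER` is built from (its definition is outside the hunks), and the first the pattern string rather than the matcher object, e.g. `AUTHORIZE_REQ_PATTERN` followed by that device constant. The added `import javax.servlet.GenericFilter;` also looks unused, since the class still extends `GenericFilterBean`.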
|
@ -16,7 +16,7 @@ import org.springframework.util.StringUtils;
|
||||||
* Filters are configured from configuration file in following way:
|
* Filters are configured from configuration file in following way:
|
||||||
* filter.names=filterName1,filterName2,...
|
* filter.names=filterName1,filterName2,...
|
||||||
*
|
*
|
||||||
* @see PerunRequestFilter for configuration of filter
|
* @see AuthProcFilter for configuration of filter
|
||||||
*
|
*
|
||||||
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
||||||
*/
|
*/
|
||||||
|
@ -27,7 +27,7 @@ public class PerunFiltersContext {
|
||||||
private static final String FILTER_CLASS = ".class";
|
private static final String FILTER_CLASS = ".class";
|
||||||
private static final String PREFIX = "filter.";
|
private static final String PREFIX = "filter.";
|
||||||
|
|
||||||
private final List<PerunRequestFilter> filters;
|
private final List<AuthProcFilter> filters;
|
||||||
private final Properties properties;
|
private final Properties properties;
|
||||||
private final BeanUtil beanUtil;
|
private final BeanUtil beanUtil;
|
||||||
|
|
||||||
|
@ -41,17 +41,17 @@ public class PerunFiltersContext {
|
||||||
|
|
||||||
log.debug("--------------------------------");
|
log.debug("--------------------------------");
|
||||||
for (String filterName: filterNames.split(",")) {
|
for (String filterName: filterNames.split(",")) {
|
||||||
PerunRequestFilter requestFilter = loadFilter(filterName);
|
AuthProcFilter requestFilter = loadFilter(filterName);
|
||||||
filters.add(requestFilter);
|
filters.add(requestFilter);
|
||||||
log.debug("--------------------------------");
|
log.debug("--------------------------------");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public List<PerunRequestFilter> getFilters() {
|
public List<AuthProcFilter> getFilters() {
|
||||||
return filters;
|
return filters;
|
||||||
}
|
}
|
||||||
|
|
||||||
private PerunRequestFilter loadFilter(String filterName) {
|
private AuthProcFilter loadFilter(String filterName) {
|
||||||
String propPrefix = PerunFiltersContext.PREFIX + filterName;
|
String propPrefix = PerunFiltersContext.PREFIX + filterName;
|
||||||
String filterClass = properties.getProperty(propPrefix + FILTER_CLASS, null);
|
String filterClass = properties.getProperty(propPrefix + FILTER_CLASS, null);
|
||||||
if (!StringUtils.hasText(filterClass)) {
|
if (!StringUtils.hasText(filterClass)) {
|
||||||
|
@ -62,14 +62,14 @@ public class PerunFiltersContext {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
Class<?> rawClazz = Class.forName(filterClass);
|
Class<?> rawClazz = Class.forName(filterClass);
|
||||||
if (!PerunRequestFilter.class.isAssignableFrom(rawClazz)) {
|
if (!AuthProcFilter.class.isAssignableFrom(rawClazz)) {
|
||||||
log.warn("{} - failed to initialized filter: class '{}' does not extend PerunRequestFilter",
|
log.warn("{} - failed to initialized filter: class '{}' does not extend PerunRequestFilter",
|
||||||
filterName, filterClass);
|
filterName, filterClass);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@SuppressWarnings("unchecked") Class<PerunRequestFilter> clazz = (Class<PerunRequestFilter>) rawClazz;
|
@SuppressWarnings("unchecked") Class<AuthProcFilter> clazz = (Class<AuthProcFilter>) rawClazz;
|
||||||
Constructor<PerunRequestFilter> constructor = clazz.getConstructor(PerunRequestFilterParams.class);
|
Constructor<AuthProcFilter> constructor = clazz.getConstructor(PerunRequestFilterParams.class);
|
||||||
PerunRequestFilterParams params = new PerunRequestFilterParams(filterName, propPrefix, properties, beanUtil);
|
PerunRequestFilterParams params = new PerunRequestFilterParams(filterName, propPrefix, properties, beanUtil);
|
||||||
return constructor.newInstance(params);
|
return constructor.newInstance(params);
|
||||||
} catch (ClassNotFoundException e) {
|
} catch (ClassNotFoundException e) {
|
||||||
|
|
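Review bot: The warning in `loadFilter` still reads "does not extend PerunRequestFilter" after the type was renamed; it should name `AuthProcFilter`, for example by passing `AuthProcFilter.class.getSimpleName()` as a log argument. In the loading loop of the same file the result of `loadFilter` is added to `filters` unconditionally although this path returns `null`, so a misconfigured `filter.<name>.class` leaves a null entry that the `for (AuthProcFilter filter : filters)` loop in AuthProcFiltersContainer would dereference. Since these filters enforce access decisions, failing startup on an unloadable filter is the safer choice than silently dropping it; at minimum `if (requestFilter != null) filters.add(requestFilter);`. `loadFilter` continues outside the last hunk.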
|
@ -9,7 +9,7 @@ import cz.muni.ics.oidc.server.configurations.FacilityAttrsConfig;
|
||||||
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
||||||
import cz.muni.ics.oidc.server.filters.FilterParams;
|
import cz.muni.ics.oidc.server.filters.FilterParams;
|
||||||
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
|
import cz.muni.ics.oidc.server.filters.AuthProcFilter;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
||||||
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
|
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
@ -31,7 +31,9 @@ import lombok.extern.slf4j.Slf4j;
|
||||||
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class PerunAuthorizationFilter extends PerunRequestFilter {
|
public class PerunAuthorizationFilter extends AuthProcFilter {
|
||||||
|
|
||||||
|
public static final String APPLIED = "APPLIED_" + PerunAuthorizationFilter.class.getSimpleName();
|
||||||
|
|
||||||
private final PerunAdapter perunAdapter;
|
private final PerunAdapter perunAdapter;
|
||||||
private final FacilityAttrsConfig facilityAttrsConfig;
|
private final FacilityAttrsConfig facilityAttrsConfig;
|
||||||
|
@ -48,10 +50,12 @@ public class PerunAuthorizationFilter extends PerunRequestFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) {
|
protected String getSessionAppliedParamName() {
|
||||||
HttpServletRequest request = (HttpServletRequest) req;
|
return APPLIED;
|
||||||
HttpServletResponse response = (HttpServletResponse) res;
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
|
||||||
Facility facility = params.getFacility();
|
Facility facility = params.getFacility();
|
||||||
if (facility == null || facility.getId() == null) {
|
if (facility == null || facility.getId() == null) {
|
||||||
log.debug("{} - skip filter execution: no facility provided", filterName);
|
log.debug("{} - skip filter execution: no facility provided", filterName);
|
||||||
|
@ -64,7 +68,7 @@ public class PerunAuthorizationFilter extends PerunRequestFilter {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
return this.decideAccess(facility, user, request, response, params.getClientIdentifier(),
|
return this.decideAccess(facility, user, req, res, params.getClientIdentifier(),
|
||||||
perunAdapter, facilityAttrsConfig);
|
perunAdapter, facilityAttrsConfig);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
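Review bot: `process()` does not reach `decideAccess` when `facility == null || facility.getId() == null` (the "no facility provided" branch), and AuthProcFiltersContainer hands over a null facility whenever `perunAdapter.getFacilityByClientId` throws, because its `catch (Exception e)` only logs a warning. If that branch returns `true` (the return statement is outside this hunk), a lookup error or backend outage lets the request continue without an authorization decision. Consider separating "client has no facility" from "facility lookup failed" and denying or returning an error in the second case. The new public `APPLIED` constant would also benefit from a one-line Javadoc such as `/** Session attribute set once this filter has been applied. */`.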
|
@ -7,7 +7,7 @@ import cz.muni.ics.oidc.server.adapters.PerunAdapter;
|
||||||
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
||||||
import cz.muni.ics.oidc.server.filters.FilterParams;
|
import cz.muni.ics.oidc.server.filters.FilterParams;
|
||||||
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
|
import cz.muni.ics.oidc.server.filters.AuthProcFilter;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
||||||
import cz.muni.ics.oidc.web.controllers.ControllerUtils;
|
import cz.muni.ics.oidc.web.controllers.ControllerUtils;
|
||||||
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
|
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
|
||||||
|
@ -21,6 +21,7 @@ import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletRequest;
|
||||||
import javax.servlet.ServletResponse;
|
import javax.servlet.ServletResponse;
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.apache.http.HttpHeaders;
|
import org.apache.http.HttpHeaders;
|
||||||
|
@ -39,7 +40,9 @@ import org.springframework.util.StringUtils;
|
||||||
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class PerunEnsureVoMember extends PerunRequestFilter {
|
public class PerunEnsureVoMember extends AuthProcFilter {
|
||||||
|
|
||||||
|
public static final String APPLIED = "APPLIED_" + PerunEnsureVoMember.class.getSimpleName();
|
||||||
|
|
||||||
private static final String TRIGGER_ATTR = "triggerAttr";
|
private static final String TRIGGER_ATTR = "triggerAttr";
|
||||||
private static final String VO_DEFS_ATTR = "voDefsAttr";
|
private static final String VO_DEFS_ATTR = "voDefsAttr";
|
||||||
|
@ -68,9 +71,12 @@ public class PerunEnsureVoMember extends PerunRequestFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) throws IOException {
|
protected String getSessionAppliedParamName() {
|
||||||
HttpServletResponse response = (HttpServletResponse) res;
|
return APPLIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
|
||||||
Facility facility = params.getFacility();
|
Facility facility = params.getFacility();
|
||||||
if (facility == null || facility.getId() == null) {
|
if (facility == null || facility.getId() == null) {
|
||||||
log.debug("{} - skip execution: no facility provided", filterName);
|
log.debug("{} - skip execution: no facility provided", filterName);
|
||||||
|
@ -100,7 +106,7 @@ public class PerunEnsureVoMember extends PerunRequestFilter {
|
||||||
log.debug("{} - user allowed to continue", filterName);
|
log.debug("{} - user allowed to continue", filterName);
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
redirect(response, getLoginUrl(facility.getId()), voShortName);
|
redirect(res, getLoginUrl(facility.getId()), voShortName);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@ import cz.muni.ics.oidc.server.adapters.PerunAdapter;
|
||||||
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
||||||
import cz.muni.ics.oidc.server.filters.FilterParams;
|
import cz.muni.ics.oidc.server.filters.FilterParams;
|
||||||
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
|
import cz.muni.ics.oidc.server.filters.AuthProcFilter;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
||||||
import cz.muni.ics.oidc.web.controllers.AupController;
|
import cz.muni.ics.oidc.web.controllers.AupController;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
@ -52,7 +52,9 @@ import org.springframework.util.StringUtils;
|
||||||
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class PerunForceAupFilter extends PerunRequestFilter {
|
public class PerunForceAupFilter extends AuthProcFilter {
|
||||||
|
|
||||||
|
public static final String APPLIED = "APPLIED_" + PerunForceAupFilter.class.getSimpleName();
|
||||||
|
|
||||||
private static final String DATE_FORMAT = "yyyy-MM-dd";
|
private static final String DATE_FORMAT = "yyyy-MM-dd";
|
||||||
|
|
||||||
|
@ -93,18 +95,20 @@ public class PerunForceAupFilter extends PerunRequestFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) throws IOException {
|
protected String getSessionAppliedParamName() {
|
||||||
HttpServletRequest request = (HttpServletRequest) req;
|
return APPLIED;
|
||||||
HttpServletResponse response = (HttpServletResponse) res;
|
}
|
||||||
|
|
||||||
if (request.getSession() != null && request.getSession().getAttribute(APPROVED) != null) {
|
@Override
|
||||||
request.getSession().removeAttribute(APPROVED);
|
protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) throws IOException {
|
||||||
|
if (req.getSession() != null && req.getSession().getAttribute(APPROVED) != null) {
|
||||||
|
req.getSession().removeAttribute(APPROVED);
|
||||||
log.debug("{} - skip filter execution: aups are already approved, check at next access to the service due" +
|
log.debug("{} - skip filter execution: aups are already approved, check at next access to the service due" +
|
||||||
" to a delayed propagation to LDAP", filterName);
|
" to a delayed propagation to LDAP", filterName);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
PerunUser user = FiltersUtils.getPerunUser(request, perunAdapter, samlProperties.getUserIdentifierAttribute());
|
PerunUser user = FiltersUtils.getPerunUser(req, perunAdapter, samlProperties.getUserIdentifierAttribute());
|
||||||
if (user == null || user.getId() == null) {
|
if (user == null || user.getId() == null) {
|
||||||
log.debug("{} - skip filter execution: no user provider", filterName);
|
log.debug("{} - skip filter execution: no user provider", filterName);
|
||||||
return true;
|
return true;
|
||||||
|
@ -147,13 +151,13 @@ public class PerunForceAupFilter extends PerunRequestFilter {
|
||||||
log.trace("{} - AUPS to be approved: '{}'", filterName, newAups);
|
log.trace("{} - AUPS to be approved: '{}'", filterName, newAups);
|
||||||
String newAupsString = mapper.writeValueAsString(newAups);
|
String newAupsString = mapper.writeValueAsString(newAups);
|
||||||
|
|
||||||
request.getSession().setAttribute(AupController.RETURN_URL, request.getRequestURI()
|
req.getSession().setAttribute(AupController.RETURN_URL, req.getRequestURI()
|
||||||
.replace(request.getContextPath(), "") + '?' + request.getQueryString());
|
.replace(req.getContextPath(), "") + '?' + req.getQueryString());
|
||||||
request.getSession().setAttribute(AupController.NEW_AUPS, newAupsString);
|
req.getSession().setAttribute(AupController.NEW_AUPS, newAupsString);
|
||||||
request.getSession().setAttribute(AupController.USER_ATTR, perunUserAupsAttrName);
|
req.getSession().setAttribute(AupController.USER_ATTR, perunUserAupsAttrName);
|
||||||
|
|
||||||
log.debug("{} - redirecting user '{}' to AUPs approval page", filterName, user);
|
log.debug("{} - redirecting user '{}' to AUPs approval page", filterName, user);
|
||||||
response.sendRedirect(request.getContextPath() + '/' + AupController.URL);
|
res.sendRedirect(req.getContextPath() + '/' + AupController.URL);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
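Review bot: The `RETURN_URL` stored in the session is built with `req.getRequestURI().replace(req.getContextPath(), "") + '?' + req.getQueryString()`, which removes every occurrence of the context path rather than only the leading one and appends the literal text `null` when the request has no query string. `req.getRequestURI().substring(req.getContextPath().length())`, with the `?` part added only when `getQueryString()` is non-null, would be exact. The guard `req.getSession() != null` at the top of `process()` is always true because `getSession()` creates a session when none exists; `req.getSession(false)` is the call that tests for an existing one.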
|
@ -14,8 +14,7 @@ import cz.muni.ics.oidc.server.adapters.PerunAdapter;
|
||||||
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
||||||
import cz.muni.ics.oidc.server.filters.FilterParams;
|
import cz.muni.ics.oidc.server.filters.FilterParams;
|
||||||
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunFilterConstants;
|
import cz.muni.ics.oidc.server.filters.AuthProcFilter;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
|
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
||||||
import cz.muni.ics.oidc.web.controllers.ControllerUtils;
|
import cz.muni.ics.oidc.web.controllers.ControllerUtils;
|
||||||
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
|
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
|
||||||
|
@ -46,7 +45,9 @@ import org.apache.http.HttpHeaders;
|
||||||
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
* @author Dominik Frantisek Bucik <bucik@ics.muni.cz>
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class PerunIsCesnetEligibleFilter extends PerunRequestFilter {
|
public class PerunIsCesnetEligibleFilter extends AuthProcFilter {
|
||||||
|
|
||||||
|
public static final String APPLIED = "APPLIED_" + PerunIsCesnetEligibleFilter.class.getSimpleName();
|
||||||
|
|
||||||
/* CONFIGURATION PROPERTIES */
|
/* CONFIGURATION PROPERTIES */
|
||||||
private static final String IS_CESNET_ELIGIBLE_ATTR_NAME = "isCesnetEligibleAttr";
|
private static final String IS_CESNET_ELIGIBLE_ATTR_NAME = "isCesnetEligibleAttr";
|
||||||
|
@ -84,11 +85,13 @@ public class PerunIsCesnetEligibleFilter extends PerunRequestFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) {
|
protected String getSessionAppliedParamName() {
|
||||||
HttpServletRequest request = (HttpServletRequest) req;
|
return APPLIED;
|
||||||
HttpServletResponse response = (HttpServletResponse) res;
|
}
|
||||||
|
|
||||||
if (!FiltersUtils.isScopePresent(request.getParameter(PARAM_SCOPE), triggerScope)) {
|
@Override
|
||||||
|
protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
|
||||||
|
if (!FiltersUtils.isScopePresent(req.getParameter(PARAM_SCOPE), triggerScope)) {
|
||||||
log.debug("{} - skip execution: scope '{}' is not present in request", filterName, triggerScope);
|
log.debug("{} - skip execution: scope '{}' is not present in request", filterName, triggerScope);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -124,7 +127,7 @@ public class PerunIsCesnetEligibleFilter extends PerunRequestFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
log.debug("{} - attribute '{}' value is invalid, stop user at this point", filterName, attrValue);
|
log.debug("{} - attribute '{}' value is invalid, stop user at this point", filterName, attrValue);
|
||||||
this.redirect(request, response, reason);
|
this.redirect(req, res, reason);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -10,8 +10,7 @@ import cz.muni.ics.oidc.server.adapters.PerunAdapter;
|
||||||
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
||||||
import cz.muni.ics.oidc.server.filters.FilterParams;
|
import cz.muni.ics.oidc.server.filters.FilterParams;
|
||||||
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunFilterConstants;
|
import cz.muni.ics.oidc.server.filters.AuthProcFilter;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
|
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
||||||
import cz.muni.ics.oidc.web.controllers.ControllerUtils;
|
import cz.muni.ics.oidc.web.controllers.ControllerUtils;
|
||||||
import cz.muni.ics.oidc.web.controllers.IsTestSpController;
|
import cz.muni.ics.oidc.web.controllers.IsTestSpController;
|
||||||
|
@ -37,7 +36,9 @@ import org.apache.http.HttpHeaders;
|
||||||
* @author Pavol Pluta <500348@mail.muni.cz>
|
* @author Pavol Pluta <500348@mail.muni.cz>
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class PerunIsTestSpFilter extends PerunRequestFilter {
|
public class PerunIsTestSpFilter extends AuthProcFilter {
|
||||||
|
|
||||||
|
public static final String APPLIED = "APPLIED_" + PerunIsTestSpFilter.class.getSimpleName();
|
||||||
|
|
||||||
private static final String IS_TEST_SP_ATTR_NAME = "isTestSpAttr";
|
private static final String IS_TEST_SP_ATTR_NAME = "isTestSpAttr";
|
||||||
|
|
||||||
|
@ -56,14 +57,17 @@ public class PerunIsTestSpFilter extends PerunRequestFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) throws IOException {
|
protected String getSessionAppliedParamName() {
|
||||||
HttpServletRequest request = (HttpServletRequest) req;
|
return APPLIED;
|
||||||
HttpServletResponse response = (HttpServletResponse) res;
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) throws IOException {
|
||||||
Facility facility = params.getFacility();
|
Facility facility = params.getFacility();
|
||||||
if (facility == null || facility.getId() == null) {
|
if (facility == null || facility.getId() == null) {
|
||||||
log.debug("{} - skip execution: no facility provided", filterName);
|
log.debug("{} - skip execution: no facility provided", filterName);
|
||||||
return true;
|
return true;
|
||||||
} else if (testSpWarningApproved(request)){
|
} else if (testSpWarningApproved(req)){
|
||||||
log.debug("{} - skip execution: warning already approved", filterName);
|
log.debug("{} - skip execution: warning already approved", filterName);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -74,7 +78,7 @@ public class PerunIsTestSpFilter extends PerunRequestFilter {
|
||||||
return true;
|
return true;
|
||||||
} else if (attrValue.valueAsBoolean()) {
|
} else if (attrValue.valueAsBoolean()) {
|
||||||
log.debug("{} - redirecting user to test SP warning page", filterName);
|
log.debug("{} - redirecting user to test SP warning page", filterName);
|
||||||
this.redirect(request, response);
|
this.redirect(req, res);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
log.debug("{} - service is not testing, let user access it", filterName);
|
log.debug("{} - service is not testing, let user access it", filterName);
|
||||||
|
|
|
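Review bot: The session key `APPLIED` introduced in PerunIsTestSpFilter is built from the class name only, so it is the same for every configured instance of the filter and for every client or facility the session talks to, whereas the log lines already distinguish instances by `filterName`. How AuthProcFilter uses the value returned by `getSessionAppliedParamName()` is not visible in this section; if it skips `process` once the attribute is set, a check that passed for one facility would be treated as passed for the next authorization request in the same session. Consider deriving the key from `filterName` together with the client or facility identifier, or state the reset rule on the constant, for example `/** Session attribute marking this filter as run; must be cleared at the start of each authorization request. */`. The same pattern is added to ProxyStatisticsFilter and ValidUserFilter in the sections below, where it would mean under-counted statistics and a membership check that is not repeated.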
@ -8,7 +8,7 @@ import cz.muni.ics.oidc.BeanUtil;
|
||||||
import cz.muni.ics.oidc.saml.SamlProperties;
|
import cz.muni.ics.oidc.saml.SamlProperties;
|
||||||
import cz.muni.ics.oidc.server.filters.FilterParams;
|
import cz.muni.ics.oidc.server.filters.FilterParams;
|
||||||
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
|
import cz.muni.ics.oidc.server.filters.AuthProcFilter;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
||||||
import java.sql.Connection;
|
import java.sql.Connection;
|
||||||
import java.sql.Date;
|
import java.sql.Date;
|
||||||
|
@ -17,10 +17,10 @@ import java.sql.ResultSet;
|
||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.time.LocalDate;
|
import java.time.LocalDate;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.Properties;
|
|
||||||
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletRequest;
|
||||||
import javax.servlet.ServletResponse;
|
import javax.servlet.ServletResponse;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.sql.DataSource;
|
import javax.sql.DataSource;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.security.saml.SAMLCredential;
|
import org.springframework.security.saml.SAMLCredential;
|
||||||
|
@ -51,7 +51,9 @@ import org.springframework.util.StringUtils;
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("SqlResolve")
|
@SuppressWarnings("SqlResolve")
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class ProxyStatisticsFilter extends PerunRequestFilter {
|
public class ProxyStatisticsFilter extends AuthProcFilter {
|
||||||
|
|
||||||
|
public static final String APPLIED = "APPLIED_" + ProxyStatisticsFilter.class.getSimpleName();
|
||||||
|
|
||||||
/* CONFIGURATION OPTIONS */
|
/* CONFIGURATION OPTIONS */
|
||||||
private static final String IDP_NAME_ATTRIBUTE_NAME = "idpNameAttributeName";
|
private static final String IDP_NAME_ATTRIBUTE_NAME = "idpNameAttributeName";
|
||||||
|
@ -97,9 +99,12 @@ public class ProxyStatisticsFilter extends PerunRequestFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) {
|
protected String getSessionAppliedParamName() {
|
||||||
HttpServletRequest request = (HttpServletRequest) req;
|
return APPLIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
|
||||||
ClientDetailsEntity client = params.getClient();
|
ClientDetailsEntity client = params.getClient();
|
||||||
if (client == null) {
|
if (client == null) {
|
||||||
log.warn("{} - skip execution: no client provided", filterName);
|
log.warn("{} - skip execution: no client provided", filterName);
|
||||||
|
@ -112,7 +117,7 @@ public class ProxyStatisticsFilter extends PerunRequestFilter {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
SAMLCredential samlCredential = FiltersUtils.getSamlCredential(request);
|
SAMLCredential samlCredential = FiltersUtils.getSamlCredential(req);
|
||||||
if (samlCredential == null) {
|
if (samlCredential == null) {
|
||||||
log.warn("{} - skip execution: no authN object available, cannot extract user identifier and idp identifier",
|
log.warn("{} - skip execution: no authN object available, cannot extract user identifier and idp identifier",
|
||||||
filterName);
|
filterName);
|
||||||
|
|
|
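Review bot: The import block of ProxyStatisticsFilter keeps `import javax.servlet.ServletRequest;` and `import javax.servlet.ServletResponse;` although the only use visible here, the old `process(ServletRequest, ServletResponse, FilterParams)` signature, is replaced by the `HttpServletRequest`/`HttpServletResponse` form. If no other method in the file references them (the rest of the class is outside the hunks), both lines can be dropped together with the already removed `java.util.Properties` import.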
@ -9,7 +9,7 @@ import cz.muni.ics.oidc.server.configurations.FacilityAttrsConfig;
|
||||||
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
import cz.muni.ics.oidc.server.configurations.PerunOidcConfig;
|
||||||
import cz.muni.ics.oidc.server.filters.FilterParams;
|
import cz.muni.ics.oidc.server.filters.FilterParams;
|
||||||
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
import cz.muni.ics.oidc.server.filters.FiltersUtils;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilter;
|
import cz.muni.ics.oidc.server.filters.AuthProcFilter;
|
||||||
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
import cz.muni.ics.oidc.server.filters.PerunRequestFilterParams;
|
||||||
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
|
import cz.muni.ics.oidc.web.controllers.PerunUnapprovedController;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
|
@ -46,7 +46,9 @@ import org.springframework.util.StringUtils;
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("SqlResolve")
|
@SuppressWarnings("SqlResolve")
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class ValidUserFilter extends PerunRequestFilter {
|
public class ValidUserFilter extends AuthProcFilter {
|
||||||
|
|
||||||
|
public static final String APPLIED = "APPLIED_" + ValidUserFilter.class.getSimpleName();
|
||||||
|
|
||||||
/* CONFIGURATION OPTIONS */
|
/* CONFIGURATION OPTIONS */
|
||||||
private static final String ALL_ENV_GROUPS = "allEnvGroups";
|
private static final String ALL_ENV_GROUPS = "allEnvGroups";
|
||||||
|
@ -86,10 +88,12 @@ public class ValidUserFilter extends PerunRequestFilter {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected boolean process(ServletRequest req, ServletResponse res, FilterParams params) {
|
protected String getSessionAppliedParamName() {
|
||||||
HttpServletRequest request = (HttpServletRequest) req;
|
return APPLIED;
|
||||||
HttpServletResponse response = (HttpServletResponse) res;
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected boolean process(HttpServletRequest req, HttpServletResponse res, FilterParams params) {
|
||||||
Set<Long> additionalVos = new HashSet<>();
|
Set<Long> additionalVos = new HashSet<>();
|
||||||
Set<Long> additionalGroups = new HashSet<>();
|
Set<Long> additionalGroups = new HashSet<>();
|
||||||
|
|
||||||
|
@ -106,7 +110,7 @@ public class ValidUserFilter extends PerunRequestFilter {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!checkMemberValidInGroupsAndVos(user, facility, response, params, allEnvVos, allEnvGroups,
|
if (!checkMemberValidInGroupsAndVos(user, facility, res, params, allEnvVos, allEnvGroups,
|
||||||
PerunUnapprovedController.UNAPPROVED_NOT_IN_MANDATORY_VOS_GROUPS)) {
|
PerunUnapprovedController.UNAPPROVED_NOT_IN_MANDATORY_VOS_GROUPS)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -121,7 +125,7 @@ public class ValidUserFilter extends PerunRequestFilter {
|
||||||
additionalVos.addAll(testEnvVos);
|
additionalVos.addAll(testEnvVos);
|
||||||
additionalGroups.addAll(testEnvGroups);
|
additionalGroups.addAll(testEnvGroups);
|
||||||
|
|
||||||
if (!checkMemberValidInGroupsAndVos(user, facility, response, params, additionalVos,
|
if (!checkMemberValidInGroupsAndVos(user, facility, res, params, additionalVos,
|
||||||
additionalGroups, PerunUnapprovedController.UNAPPROVED_NOT_IN_TEST_VOS_GROUPS)) {
|
additionalGroups, PerunUnapprovedController.UNAPPROVED_NOT_IN_TEST_VOS_GROUPS)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -129,7 +133,7 @@ public class ValidUserFilter extends PerunRequestFilter {
|
||||||
additionalVos.addAll(prodEnvVos);
|
additionalVos.addAll(prodEnvVos);
|
||||||
additionalGroups.addAll(prodEnvGroups);
|
additionalGroups.addAll(prodEnvGroups);
|
||||||
|
|
||||||
if (!checkMemberValidInGroupsAndVos(user, facility, response, params, additionalVos,
|
if (!checkMemberValidInGroupsAndVos(user, facility, res, params, additionalVos,
|
||||||
additionalGroups, PerunUnapprovedController.UNAPPROVED_NOT_IN_PROD_VOS_GROUPS)) {
|
additionalGroups, PerunUnapprovedController.UNAPPROVED_NOT_IN_PROD_VOS_GROUPS)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
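Review bot: The new `process(HttpServletRequest req, HttpServletResponse res, FilterParams params)` override in ValidUserFilter carries no Javadoc, although its boolean result is the access decision for the request. Every `return false` visible in the hunks follows a failed `checkMemberValidInGroupsAndVos(...)` call that receives `res`, presumably after the helper has sent the redirect for the given `UNAPPROVED_*` reason, while the earlier `return true` paths let the user through. I would document that contract on the method, e.g. `/** @return true to continue the chain; false when membership validation failed and the response was already handled, so the caller must stop. */`, and note there which of the `return true` branches are deliberate skips. The method body continues outside the hunks shown.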
@ -12,7 +12,6 @@ public class AuthorizationEndpoint {
|
||||||
|
|
||||||
@RequestMapping(value = "/authorize")
|
@RequestMapping(value = "/authorize")
|
||||||
public RedirectView authorize(HttpServletRequest req) {
|
public RedirectView authorize(HttpServletRequest req) {
|
||||||
log.debug("Handling authorize in endpoint");
|
|
||||||
RedirectView view = new RedirectView("/auth/authorize?" + req.getQueryString());
|
RedirectView view = new RedirectView("/auth/authorize?" + req.getQueryString());
|
||||||
view.setContextRelative(true);
|
view.setContextRelative(true);
|
||||||
view.setAttributesMap(req.getParameterMap());
|
view.setAttributesMap(req.getParameterMap());
|
||||||
|
@ -20,4 +19,6 @@ public class AuthorizationEndpoint {
|
||||||
return view;
|
return view;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//TODO: handle also device endpoint
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
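Review bot: In `authorize`, `req.getQueryString()` is concatenated without a null check, so a request to `/authorize` with no query string is redirected to `/auth/authorize?null`; a guard such as `String qs = req.getQueryString();` followed by `new RedirectView(qs == null ? "/auth/authorize" : "/auth/authorize?" + qs)` avoids that. The same parameters are also handed over through `view.setAttributesMap(req.getParameterMap())`, so unless the line hidden between the two hunks disables attribute exposure they may end up in the redirect URL twice, and form-posted parameters would be moved into the URL. The added `//TODO: handle also device endpoint` should name the device paths that still lack this redirect and say whether they reach the `authProcFilters` chain in the meantime, since that is not determinable from this section.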