develop #29
src/main
@ -0,0 +1,42 @@
|
||||
package se.su.dsv.seshat;
|
||||
|
||||
import org.springframework.core.convert.converter.Converter;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.RequestEntity;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration;
|
||||
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
|
||||
import org.springframework.util.LinkedMultiValueMap;
|
||||
import org.springframework.util.MultiValueMap;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Collections;
|
||||
|
||||
public class TokenIntrospectionRequestEntityConverter implements Converter<OAuth2UserRequest, RequestEntity<?>> {
|
||||
private static final MediaType FORM_URL_ENCODED = MediaType.valueOf(
|
||||
MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8"
|
||||
);
|
||||
|
||||
@Override
|
||||
public RequestEntity<?> convert(OAuth2UserRequest userRequest) {
|
||||
ClientRegistration clientRegistration = userRequest.getClientRegistration();
|
||||
|
||||
URI uri = UriComponentsBuilder.fromUriString(
|
||||
clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri()
|
||||
)
|
||||
.build()
|
||||
.toUri();
|
||||
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret());
|
||||
headers.setAccept(Collections.singletonList(MediaType.ALL));
|
||||
headers.setContentType(FORM_URL_ENCODED);
|
||||
|
||||
MultiValueMap<String, String> formParameters = new LinkedMultiValueMap<>();
|
||||
formParameters.add(OAuth2ParameterNames.TOKEN, userRequest.getAccessToken().getTokenValue());
|
||||
return new RequestEntity<>(formParameters, headers, HttpMethod.POST, uri);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,25 @@
|
||||
package se.su.dsv.seshat.configuration;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
|
||||
import se.su.dsv.seshat.TokenIntrospectionRequestEntityConverter;
|
||||
|
||||
@Configuration
|
||||
public class SeshatConfiguration {
|
||||
|
||||
// Stop gap measure to switch to Token Introspection instead of OIDC UserInfo
|
||||
// endpoint. This is necessary because the UserInfo endpoint will in soon require
|
||||
// the "openid" scope, which is not granted to our clients. Unfortunately we can't
|
||||
// request the scope because that makes Spring require an id token in the token
|
||||
// exchange which is not granted at the moment.
|
||||
//
|
||||
// Once a new authorization server is in place we can remove this bean and use
|
||||
// straight up id tokens with "openid" scope.
|
||||
@Bean
|
||||
public DefaultOAuth2UserService defaultOAuth2UserService() {
|
||||
DefaultOAuth2UserService defaultOAuth2UserService = new DefaultOAuth2UserService();
|
||||
defaultOAuth2UserService.setRequestEntityConverter(new TokenIntrospectionRequestEntityConverter());
|
||||
return defaultOAuth2UserService;
|
||||
}
|
||||
}
|
||||
@ -35,7 +35,7 @@ public class CustomOAuth2loginSuccessHandler implements AuthenticationSuccessHan
|
||||
String email = oAuth2User.getAttribute("mail") != null ? oAuth2User.getAttribute("mail") : "no-email";
|
||||
|
||||
|
||||
if(!userService.existsByUsername(oAuth2User.getAttribute("principal"))) {
|
||||
if(!userService.existsByUsername(username)) {
|
||||
userService.registerUser(username, email);
|
||||
}
|
||||
response.sendRedirect(redirectUrl);
|
||||
|
||||
@ -32,7 +32,7 @@ spring.jpa.show-sql=false
|
||||
# OAuth2 properties, remember if you change the registration.provider the provider properties must be updated
|
||||
spring.security.oauth2.client.provider.docker.authorization-uri=http://localhost:51337/authorize
|
||||
spring.security.oauth2.client.provider.docker.token-uri=http://localhost:51337/exchange
|
||||
spring.security.oauth2.client.provider.docker.user-info-uri=http://localhost:51337/verify
|
||||
spring.security.oauth2.client.provider.docker.user-info-uri=http://localhost:51337/introspect
|
||||
spring.security.oauth2.client.provider.docker.user-name-attribute=sub
|
||||
spring.security.oauth2.client.registration.seshat.client-id=seshat
|
||||
spring.security.oauth2.client.registration.seshat.client-secret=n0tS3cr3t
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Seshat Auido Transcriber</title>
|
||||
<title>Seshat Audio Transcriber</title>
|
||||
<link th:rel="stylesheet" th:href="@{/3p/bootstrap-5.3.3-dist/css/bootstrap.min.css}" />
|
||||
<link th:rel="stylesheet" th:href="@{/3p/bootstrap-icons-1.11.3/font/bootstrap-icons.min.css}" />
|
||||
<link th:rel="stylesheet" th:href="@{/css/styles.css}" />
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Seshat Auido Transcriber</title>
|
||||
<title>Seshat Audio Transcriber</title>
|
||||
<link th:rel="stylesheet" th:href="@{/3p/bootstrap-5.3.3-dist/css/bootstrap.min.css}" />
|
||||
<link th:rel="stylesheet" th:href="@{/3p/bootstrap-icons-1.11.3/font/bootstrap-icons.min.css}" />
|
||||
<link th:rel="stylesheet" th:href="@{/css/styles.css}" />
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user