Make the Travis pass by temporarily disabling this dependency. - OAuth2 externalizing configuration and making plugins more independent - Improved Logout Handler and Config Validator
Alessio Fabiani
committed
Sep 27, 2016
1 parent
f427745
commit b56c09a
Showing
15 changed files
with
505 additions
and
289 deletions.
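--- a/...oogle/src/main/java/org/geoserver/security/oauth2/GoogleOAuth2AuthenticationProvider.java
+++ b/...oogle/src/main/java/org/geoserver/security/oauth2/GoogleOAuth2AuthenticationProvider.java
@@ -0,0 +1,41 @@
+/* (c) 2016 Open Source Geospatial Foundation - all rights reserved
+* This code is licensed under the GPL 2.0 license, available at the root
+* application directory.
+*/
+package org.geoserver.security.oauth2;
+
+import org.geoserver.config.util.XStreamPersister;
+import org.geoserver.security.GeoServerSecurityManager;
+
+/**
+* @author Alessio Fabiani, GeoSolutions S.A.S.
+*
+*/
+public class GoogleOAuth2AuthenticationProvider extends GeoServerOAuthAuthenticationProvider {
+
+// Default values
+protected String accessTokenUri = "https://accounts.google.com/o/oauth2/token";
+
+protected String userAuthorizationUri = "https://accounts.google.com/o/oauth2/auth";
+
+protected String redirectUri = "http://localhost:8080/geoserver";
+
+protected String checkTokenEndpointUrl = "https://www.googleapis.com/oauth2/v1/tokeninfo";
+
+protected String logoutUri = "https://accounts.google.com/logout";
+
+public GoogleOAuth2AuthenticationProvider(GeoServerSecurityManager securityManager) {
+super(securityManager);
+}
+
+@Override
+public void handlePostChanged(GeoServerSecurityManager securityManager) {
+// Nothing to do
+}
+
+@Override
+public void configure(XStreamPersister xp) {
+xp.getXStream().alias("googleOauth2Authentication", GoogleOAuth2FilterConfig.class);
+}
+
+}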
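Review bot: The five default endpoint fields on this provider (`accessTokenUri`, `userAuthorizationUri`, `redirectUri`, `checkTokenEndpointUrl`, `logoutUri`) repeat the defaults declared in GoogleOAuth2FilterConfig and are not read anywhere in the class as shown, so the two copies can drift apart without anyone noticing. Unless the superclass (not visible here) consumes them, I would drop them from the provider and keep the filter config as the single source of the endpoint values. If they stay, the plain-HTTP `redirectUri` default deserves a comment such as `// development placeholder only; deployments must set the https redirect URI registered with the provider`. The class Javadoc also carries only an `@author` tag; one sentence saying that the provider registers the `googleOauth2Authentication` XStream alias for GoogleOAuth2FilterConfig would help the next reader.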
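--- a/...y/oauth2-google/src/main/java/org/geoserver/security/oauth2/GoogleOAuth2FilterConfig.java
+++ b/...y/oauth2-google/src/main/java/org/geoserver/security/oauth2/GoogleOAuth2FilterConfig.java
@@ -0,0 +1,230 @@
+/* (c) 2016 Open Source Geospatial Foundation - all rights reserved
+* This code is licensed under the GPL 2.0 license, available at the root
+* application directory.
+*/
+package org.geoserver.security.oauth2;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.geoserver.security.config.PreAuthenticatedUserNameFilterConfig;
+import org.geoserver.security.config.SecurityAuthFilterConfig;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+/**
+* @author Alessio Fabiani, GeoSolutions S.A.S.
+*
+*/
+public class GoogleOAuth2FilterConfig extends PreAuthenticatedUserNameFilterConfig
+implements SecurityAuthFilterConfig, OAuth2FilterConfig {
+
+/** serialVersionUID */
+private static final long serialVersionUID = -3551428051398501603L;
+
+/**
+* **THIS MUST** be different for every OAuth2 Plugin
+*/
+public static final String FILTER_LOGIN_ENDPOINT = "/j_spring_outh2_google_login";
+
+// DEFAULT VALUES - BEGIN -
+protected String cliendId;
+
+protected String clientSecret;
+
+protected String accessTokenUri = "https://accounts.google.com/o/oauth2/token";
+
+protected String userAuthorizationUri = "https://accounts.google.com/o/oauth2/auth";
+
+protected String redirectUri = "http://localhost:8080/geoserver";
+
+protected String checkTokenEndpointUrl = "https://www.googleapis.com/oauth2/v1/tokeninfo";
+
+protected String logoutUri = "https://accounts.google.com/logout";
+
+protected String scopes = "https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile";
+
+protected Boolean enableRedirectAuthenticationEntryPoint = false;
+
+protected Boolean forceAccessTokenUriHttps = true;
+
+protected Boolean forceUserAuthorizationUriHttps = true;
+// DEFAULT VALUES - END -
+
+@Override
+public boolean providesAuthenticationEntryPoint() {
+return true;
+}
+
+/**
+* @return the cliendId
+*/
+public String getCliendId() {
+return cliendId;
+}
+
+/**
+* @param cliendId the cliendId to set
+*/
+public void setCliendId(String cliendId) {
+this.cliendId = cliendId;
+}
+
+/**
+* @return the clientSecret
+*/
+public String getClientSecret() {
+return clientSecret;
+}
+
+/**
+* @param clientSecret the clientSecret to set
+*/
+public void setClientSecret(String clientSecret) {
+this.clientSecret = clientSecret;
+}
+
+/**
+* @return the accessTokenUri
+*/
+public String getAccessTokenUri() {
+return accessTokenUri;
+}
+
+/**
+* @param accessTokenUri the accessTokenUri to set
+*/
+public void setAccessTokenUri(String accessTokenUri) {
+this.accessTokenUri = accessTokenUri;
+}
+
+/**
+* @return the userAuthorizationUri
+*/
+public String getUserAuthorizationUri() {
+return userAuthorizationUri;
+}
+
+/**
+* @param userAuthorizationUri the userAuthorizationUri to set
+*/
+public void setUserAuthorizationUri(String userAuthorizationUri) {
+this.userAuthorizationUri = userAuthorizationUri;
+}
+
+/**
+* @return the redirectUri
+*/
+public String getRedirectUri() {
+return redirectUri;
+}
+
+/**
+* @param redirectUri the redirectUri to set
+*/
+public void setRedirectUri(String redirectUri) {
+this.redirectUri = redirectUri;
+}
+
+/**
+* @return the checkTokenEndpointUrl
+*/
+public String getCheckTokenEndpointUrl() {
+return checkTokenEndpointUrl;
+}
+
+/**
+* @param checkTokenEndpointUrl the checkTokenEndpointUrl to set
+*/
+public void setCheckTokenEndpointUrl(String checkTokenEndpointUrl) {
+this.checkTokenEndpointUrl = checkTokenEndpointUrl;
+}
+
+/**
+* @return the logoutUri
+*/
+public String getLogoutUri() {
+return logoutUri;
+}
+
+/**
+* @param logoutUri the logoutUri to set
+*/
+public void setLogoutUri(String logoutUri) {
+this.logoutUri = logoutUri;
+}
+
+/**
+* @return the scopes
+*/
+public String getScopes() {
+return scopes;
+}
+
+/**
+* @param scopes the scopes to set
+*/
+public void setScopes(String scopes) {
+this.scopes = scopes;
+}
+
+/**
+* @return the enableRedirectAuthenticationEntryPoint
+*/
+public Boolean getEnableRedirectAuthenticationEntryPoint() {
+return enableRedirectAuthenticationEntryPoint;
+}
+
+/**
+* @param enableRedirectAuthenticationEntryPoint the enableRedirectAuthenticationEntryPoint to set
+*/
+public void setEnableRedirectAuthenticationEntryPoint(
+Boolean enableRedirectAuthenticationEntryPoint) {
+this.enableRedirectAuthenticationEntryPoint = enableRedirectAuthenticationEntryPoint;
+}
+
+@Override
+public AuthenticationEntryPoint getAuthenticationEntryPoint() {
+return new AuthenticationEntryPoint() {
+
+@Override
+public void commence(HttpServletRequest request, HttpServletResponse response,
+AuthenticationException authException) throws IOException, ServletException {
+final StringBuilder loginUri = new StringBuilder(getUserAuthorizationUri());
+loginUri.append("?").append("response_type=code").append("&").append("client_id=")
+.append(getCliendId()).append("&").append("scope=")
+.append(getScopes().replace(",", "%20")).append("&").append("redirect_uri=")
+.append(getRedirectUri());
+
+if (getEnableRedirectAuthenticationEntryPoint()
+|| request.getRequestURI().endsWith(FILTER_LOGIN_ENDPOINT)) {
+response.sendRedirect(loginUri.toString());
+}
+}
+};
+}
+
+@Override
+public Boolean getForceAccessTokenUriHttps() {
+return forceAccessTokenUriHttps;
+}
+
+@Override
+public void setForceAccessTokenUriHttps(Boolean forceAccessTokenUriHttps) {
+this.forceAccessTokenUriHttps = forceAccessTokenUriHttps;
+}
+
+@Override
+public Boolean getForceUserAuthorizationUriHttps() {
+return forceUserAuthorizationUriHttps;
+}
+
+@Override
+public void setForceUserAuthorizationUriHttps(Boolean forceUserAuthorizationUriHttps) {
+this.forceUserAuthorizationUriHttps = forceUserAuthorizationUriHttps;
+}
+
+}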
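Review bot: The authorization redirect built in `commence` concatenates `getCliendId()`, `getScopes()` and `getRedirectUri()` into the query string without URL-encoding them, so a configured redirect URI that carries its own `?` or `&` (or a scope with reserved characters) yields a malformed or altered authorization request. Each value should be encoded before it is appended, as sketched below. The redirect also sends no `state` parameter; unless the callback handling outside this file binds the response to the session some other way, a per-session random `state` should be added here and checked on return. Separately, `getEnableRedirectAuthenticationEntryPoint()` returns a `Boolean` that is auto-unboxed in the `if`, so a null passed to the setter would throw at this point; and when neither condition holds, `commence` returns without writing any response, which is worth a comment if it is intentional.

```java
public void commence(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException authException) throws IOException, ServletException {
    final StringBuilder loginUri = new StringBuilder(getUserAuthorizationUri());
    loginUri.append("?response_type=code")
            .append("&client_id=").append(URLEncoder.encode(getCliendId(), "UTF-8"))
            // scopes are stored comma-separated; OAuth2 expects them space-separated
            .append("&scope=")
            .append(URLEncoder.encode(getScopes().replace(",", " "), "UTF-8").replace("+", "%20"))
            .append("&redirect_uri=").append(URLEncoder.encode(getRedirectUri(), "UTF-8"));
    // … unchanged: conditional response.sendRedirect(loginUri.toString()) …
```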