Commit 8dc1a993 authored by femiadeyemi's avatar femiadeyemi

rename existing controller and allow for SPA

Motivation:

Getting the access token is now desirable. This will
enable the browser to make a direct call to Cerebrum.

The web application is a single page application, hence
to allow client-side routing, it becomes necessary for the
error controller to be adjusted

Modification:

- create access to the access_token when a user is full
    authenticated.
- implement the error-controller class so that it will
    forward the request back to the index.html when any
    error is hit

Result:

- SPA now works and access to the token is now available.

Target: master
parent e71f7d6d
Pipeline #45344 failed with stages
in 6 minutes and 26 seconds
package de.helmholtz.marketplace.webappserver.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
@Configuration
@EnableWebSecurity
public class HelmholtzMarketplaceServerSecurityConfig extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity http) throws Exception {
protected void configure(HttpSecurity http) throws Exception
{
SimpleUrlAuthenticationFailureHandler handler = new SimpleUrlAuthenticationFailureHandler("/");
// @formatter:off
......@@ -25,6 +30,9 @@ public class HelmholtzMarketplaceServerSecurityConfig extends WebSecurityConfigu
.exceptionHandling(error -> error
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
)
.csrf(c -> c
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
)
.logout(l -> l
.logoutSuccessUrl("/").permitAll()
)
......
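Review bot: The added `.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())` makes the CSRF cookie readable by page script, and nothing in `configure` says that this is deliberate. A comment directly above the `.csrf(...)` call would keep a later reader from "hardening" it back and breaking the SPA: `// XSRF-TOKEN is intentionally script-readable so the SPA can echo it in the X-XSRF-TOKEN header`. It is also worth stating there that this is acceptable only because the cookie carries no session authority of its own. The `configure` body starts above this hunk and continues past it, so the authorization rules are not visible here.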
package de.helmholtz.marketplace.webappserver.controller;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@RestController
public class HelmholtzMarketServerController
{
private final OAuth2AuthorizedClientService authorizedClientService;
public HelmholtzMarketServerController(
OAuth2AuthorizedClientService authorizedClientService)
{
this.authorizedClientService = authorizedClientService;
}
@GetMapping("/tokens")
public JsonNode getAccessToken(
OAuth2AuthenticationToken authentication, HttpServletResponse response) throws IOException
{
if (authentication == null) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "OAuth2AuthenticationToken is null");
return null;
}
final ObjectMapper mapper = new ObjectMapper();
OAuth2AuthorizedClient client = authorizedClientService.loadAuthorizedClient(
authentication.getAuthorizedClientRegistrationId(), authentication.getName());
return mapper.readTree("{ \"access_token\" : " + client.getAccessToken().getTokenValue() + "}");
}
@GetMapping("/csrf")
public CsrfToken csrf(CsrfToken token)
{
return token;
}
}
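Review bot: In `getAccessToken`, the `mapper.readTree(...)` line concatenates the raw token value into the JSON text without quoting it, so a token that is not itself a JSON literal would presumably fail to parse and surface as a server error. String-built JSON also lets the token content shape the document. Build the node instead: `return mapper.createObjectNode().put("access_token", client.getAccessToken().getTokenValue());`. `loadAuthorizedClient` can return null when no authorized client is stored for the principal, so add a guard before that line: `if (client == null) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return null; }`. Since this endpoint hands a bearer token to page script, a short Javadoc on the method should record that exposure and that the response must not be cached.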
package de.helmholtz.marketplace.webappserver.controller;
import org.springframework.boot.web.servlet.error.ErrorController;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Controller
public class SinglePageApplicationErrorController implements ErrorController
{
@RequestMapping("/error")
public Object error(HttpServletRequest request, HttpServletResponse response)
{
// FIXME - place the logging code here to log the cause of the error
if (request.getMethod().equalsIgnoreCase(HttpMethod.GET.name())) {
response.setStatus(HttpStatus.OK.value());
return "forward:/index.html";
} else {
return ResponseEntity.notFound().build();
}
}
@Override
public String getErrorPath()
{
return "/error";
}
}
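Review bot: `error` rewrites every failed GET to `200` plus `index.html`, whatever the original status was. That seems to include the 401 that `getAccessToken` raises through `sendError`, as well as any 403 or 500, so API clients and monitoring see success where access was denied or the server failed. Non-GET errors are all flattened to 404 in the same way. Forward to the SPA shell only when the dispatched status is 404 and pass every other status through unchanged; this needs `javax.servlet.RequestDispatcher` for the status attribute. The `FIXME` about logging matters more once statuses are rewritten, so log the original status and request URI before forwarding.

```java
public Object error(HttpServletRequest request, HttpServletResponse response)
{
    // Status the container recorded before dispatching to /error.
    Object status = request.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
    boolean notFound = Integer.valueOf(HttpStatus.NOT_FOUND.value()).equals(status);
    if (notFound && HttpMethod.GET.matches(request.getMethod())) {
        // Unknown path on a GET: let the SPA router handle it.
        response.setStatus(HttpStatus.OK.value());
        return "forward:/index.html";
    }
    // Keep 401/403/5xx visible to clients and monitoring.
    int code = (status instanceof Integer)
            ? (Integer) status
            : HttpStatus.INTERNAL_SERVER_ERROR.value();
    return ResponseEntity.status(code).build();
}
```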