Session is being loaded!

orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/EmailManagerReadOnly.java

@@ -37,7 +37,9 @@ public interface EmailManagerReadOnly extends ManagerReadOnlyBase {
 
     EmailEntity find(String email);
 
-    Email findPrimaryEmail(String orcid);   
+    Email findPrimaryEmail(String orcid);
+
+    String findPrimaryEmailValueFromCache(String orcid);
 
     EmailFrequencyOptions getEmailFrequencyOptions();
 

orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/impl/EmailManagerReadOnlyImpl.java

@@ -27,6 +27,7 @@
 import org.orcid.utils.OrcidStringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.cache.annotation.Cacheable;
 
 /**
  * 
@@ -185,7 +186,17 @@ public Email findPrimaryEmail(String orcid) {
         }
         return jpaJaxbEmailAdapter.toEmail(emailDao.findPrimaryEmail(orcid));
     }
-
+
+    @Override
+    @Cacheable("primary-email-value")
+    public String findPrimaryEmailValueFromCache(String orcid) {
+        if(PojoUtil.isEmpty(orcid)) {
+            return null;
+        }
+        EmailEntity entity = emailDao.findPrimaryEmail(orcid);
+        return entity.getEmail();
+    }
+
     @Override
     public boolean isUsersOnlyEmail(String orcid, String email) {
         List<EmailEntity> emails = emailDao.findByOrcid(orcid, getLastModified(orcid));

orcid-core/src/main/java/org/orcid/core/oauth/OrcidProfileUserDetails.java

@@ -13,26 +13,19 @@ public class OrcidProfileUserDetails implements UserDetails {
 
     private static final long serialVersionUID = 1L;
 
-    private String orcid;
+    private final String orcid;
 
-    private String primaryEmail;
-
-    private String password;
+    private final String password;
 
     private Collection<OrcidWebRole> grantedAuthorities = new HashSet<>();
 
-    public OrcidProfileUserDetails() {
-    }
-
-    public OrcidProfileUserDetails(String orcid, String primaryEmail, String password) {
+    public OrcidProfileUserDetails(String orcid, String password) {
         this.orcid = orcid;
-        this.primaryEmail = primaryEmail;
         this.password = password;
     }
 
-    public OrcidProfileUserDetails(String orcid, String primaryEmail, String password, Collection<OrcidWebRole> grantedAuthorities) {
+    public OrcidProfileUserDetails(String orcid, String password, Collection<OrcidWebRole> grantedAuthorities) {
         this.orcid = orcid;
-        this.primaryEmail = primaryEmail;
         this.password = password;
         this.grantedAuthorities = grantedAuthorities;
     }
@@ -122,18 +115,13 @@ public String getOrcid() {
         return orcid;
     }
 
-    public String getPrimaryEmail() {
-        return primaryEmail;
-    }
-
     @Override
     public int hashCode() {
         final int prime = 31;
         int result = 1;
         result = prime * result + ((grantedAuthorities == null) ? 0 : grantedAuthorities.hashCode());
         result = prime * result + ((orcid == null) ? 0 : orcid.hashCode());
         result = prime * result + ((password == null) ? 0 : password.hashCode());
-        result = prime * result + ((primaryEmail == null) ? 0 : primaryEmail.hashCode());
         return result;
     }
 
@@ -161,11 +149,6 @@ public boolean equals(Object obj) {
                 return false;
         } else if (!password.equals(other.password))
             return false;
-        if (primaryEmail == null) {
-            if (other.primaryEmail != null)
-                return false;
-        } else if (!primaryEmail.equals(other.primaryEmail))
-            return false;
         return true;
     }
 

orcid-core/src/main/java/org/orcid/core/security/OrcidUserDetailsServiceImpl.java

@@ -53,13 +53,13 @@ public class OrcidUserDetailsServiceImpl implements OrcidUserDetailsService {
 
     @Resource
     private EmailDao emailDao;
-
-    @Resource(name = "emailManagerReadOnlyV3")
-    protected EmailManagerReadOnly emailManagerReadOnly;
-
+
     @Resource
     private OrcidSecurityManager securityMgr;
 
+    @Resource (name = "emailManagerReadOnlyV3")
+    private EmailManagerReadOnly emailManagerReadOnly;
+
     @Value("${org.orcid.core.baseUri}")
     private String baseUrl;
 
@@ -107,43 +107,19 @@ public OrcidProfileUserDetails loadUserByProfile(ProfileEntity profile) {
     }
 
     private OrcidProfileUserDetails createUserDetails(ProfileEntity profile) {
-        String primaryEmail = retrievePrimaryEmail(profile);
-
+        String primaryEmail = retrievePrimaryEmail(profile.getId());
         OrcidProfileUserDetails userDetails = null;
 
         if (profile.getOrcidType() != null) {
             OrcidType orcidType = OrcidType.valueOf(profile.getOrcidType());
-            userDetails = new OrcidProfileUserDetails(profile.getId(), primaryEmail, profile.getEncryptedPassword(), buildAuthorities(orcidType, profile.getGroupType() != null ? MemberType.valueOf(profile.getGroupType()) : null));
+            userDetails = new OrcidProfileUserDetails(profile.getId(), profile.getEncryptedPassword(), buildAuthorities(orcidType, profile.getGroupType() != null ? MemberType.valueOf(profile.getGroupType()) : null));
         } else {
-            userDetails = new OrcidProfileUserDetails(profile.getId(), primaryEmail, profile.getEncryptedPassword());
+            userDetails = new OrcidProfileUserDetails(profile.getId(), profile.getEncryptedPassword());
         }
 
         return userDetails;
     }
 
-    private String retrievePrimaryEmail(ProfileEntity profile) {
-        String orcid = profile.getId();
-        try {
-            return emailDao.findPrimaryEmail(orcid).getEmail();
-        } catch (javax.persistence.NoResultException nre) {
-            String alternativePrimaryEmail = emailDao.findNewestVerifiedOrNewestEmail(profile.getId());
-            emailDao.updatePrimary(orcid, alternativePrimaryEmail);
-
-            String message = String.format("User with orcid %s have no primary email, so, we are setting the newest verified email, or, the newest email in case non is verified as the primary one", orcid);
-            LOGGER.error(message);
-
-            return alternativePrimaryEmail;
-        } catch (javax.persistence.NonUniqueResultException nure) {
-            String alternativePrimaryEmail = emailDao.findNewestPrimaryEmail(profile.getId());
-            emailDao.updatePrimary(orcid, alternativePrimaryEmail);
-
-            String message = String.format("User with orcid %s have more than one primary email, so, we are setting the latest modified primary as the primary one", orcid);
-            LOGGER.error(message);
-
-            return alternativePrimaryEmail;
-        }
-    }
-
     private void checkStatuses(ProfileEntity profile) {
         if (profile.getPrimaryRecord() != null) {
             throw new DeprecatedProfileException("orcid.frontend.security.deprecated_with_primary", profile.getPrimaryRecord().getId(), profile.getId());
@@ -207,9 +183,25 @@ else if (orcidType.equals(OrcidType.GROUP)) {
     }
 
     private List<OrcidWebRole> rolesAsList(OrcidWebRole... roles) {
-        // Make a mutable list
-        List<OrcidWebRole> list = new ArrayList<OrcidWebRole>(Arrays.asList(roles));
-        return list;
+        return new ArrayList<OrcidWebRole>(Arrays.asList(roles));
+    }
 
+    @Deprecated(forRemoval = true)
+    private String retrievePrimaryEmail(String orcid) {
+        try {
+            return emailDao.findPrimaryEmail(orcid).getEmail();
+        } catch (javax.persistence.NoResultException nre) {
+            String alternativePrimaryEmail = emailDao.findNewestVerifiedOrNewestEmail(orcid);
+            emailDao.updatePrimary(orcid, alternativePrimaryEmail);
+            String message = String.format("User with orcid %s have no primary email, so, we are setting the newest verified email, or, the newest email in case non is verified as the primary one", orcid);
+            LOGGER.error(message);
+            return alternativePrimaryEmail;
+        } catch (javax.persistence.NonUniqueResultException nure) {
+            String alternativePrimaryEmail = emailDao.findNewestPrimaryEmail(orcid);
+            emailDao.updatePrimary(orcid, alternativePrimaryEmail);
+            String message = String.format("User with orcid %s have more than one primary email, so, we are setting the latest modified primary as the primary one", orcid);
+            LOGGER.error(message);
+            return alternativePrimaryEmail;
+        }
     }
 }

orcid-core/src/main/java/org/orcid/core/utils/SecurityContextTestUtils.java

@@ -124,7 +124,7 @@ static public void clearSecurityContext() {
     }
 
     static public void setupSecurityContextForWebUser(String userId, String email) {
-        OrcidProfileUserDetails details = new OrcidProfileUserDetails(userId, email, "password");
+        OrcidProfileUserDetails details = new OrcidProfileUserDetails(userId, email);
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userId, "password");
         auth.setDetails(details);
         SecurityContextImpl securityContext = new SecurityContextImpl();

orcid-core/src/main/resources/ehcache_default.xml

@@ -294,6 +294,13 @@
             <ehcache:disk unit="MB" persistent="false">16</ehcache:disk>
         </ehcache:resources>
     </ehcache:cache>
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
 
     <ehcache:cache alias="count-tokens" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>

orcid-core/src/main/resources/ehcache_orcid-api-web.xml

@@ -108,6 +108,13 @@
     <ehcache:cache alias="emails" uses-template="bioTemplate" />
 
     <ehcache:cache alias="public-emails" uses-template="bioTemplate" />
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
 
     <ehcache:cache alias="client-details" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>

orcid-core/src/main/resources/ehcache_orcid-internal-api.xml

@@ -262,6 +262,13 @@
             <ehcache:disk unit="MB" persistent="false">64</ehcache:disk>
         </ehcache:resources>
     </ehcache:cache>
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
 
     <ehcache:cache alias="count-tokens" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>

orcid-core/src/main/resources/ehcache_orcid-pub-web.xml

@@ -108,7 +108,14 @@
     <ehcache:cache alias="emails" uses-template="bioTemplate" />
 
     <ehcache:cache alias="public-emails" uses-template="bioTemplate" />
-
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
+
     <ehcache:cache alias="client-details" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
         <ehcache:expiry>

orcid-core/src/main/resources/ehcache_orcid-scheduler-web.xml

@@ -124,7 +124,14 @@
     <ehcache:cache alias="emails" uses-template="bioTemplate" />
 
     <ehcache:cache alias="public-emails" uses-template="bioTemplate" />
-
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
+
     <ehcache:cache alias="count-tokens" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
         <ehcache:resources>

orcid-core/src/main/resources/ehcache_orcid-web.xml

@@ -140,7 +140,14 @@
     <ehcache:cache alias="emails" uses-template="bioTemplate" />
 
     <ehcache:cache alias="public-emails" uses-template="bioTemplate" />
-
+
+    <ehcache:cache alias="primary-email-value" uses-template="defaultTemplate">
+        <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
+        <ehcache:expiry>
+            <ehcache:tti unit="minutes">10</ehcache:tti>
+        </ehcache:expiry>
+    </ehcache:cache>
+
     <ehcache:cache alias="client-details" uses-template="defaultTemplate">
         <ehcache:value-type copier="org.ehcache.impl.copy.IdentityCopier"/>
         <ehcache:expiry>

orcid-core/src/test/java/org/orcid/core/security/OrcidUserDetailsServiceTest.java

@@ -217,7 +217,6 @@ public void loadUserByProfile_MoreThanOnePrimaryAvailable() {
 
         assertNotNull(opud);
         opud.getUsername();
-        assertEquals(email, opud.getPrimaryEmail());
         assertEquals(ORCID, opud.getUsername());
     }
 
@@ -233,7 +232,6 @@ public void loadUserByProfile_NoPrimaryAvailable() {
 
         assertNotNull(opud);
         opud.getUsername();
-        assertEquals(email, opud.getPrimaryEmail());
         assertEquals(ORCID, opud.getUsername());
     }
 

orcid-web/src/main/java/org/orcid/frontend/web/controllers/BaseControllerUtil.java

@@ -1,20 +1,78 @@
 package org.orcid.frontend.web.controllers;
 
 import org.orcid.core.oauth.OrcidProfileUserDetails;
+import org.orcid.core.security.OrcidWebRole;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
+import javax.management.relation.InvalidRoleValueException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
 public class BaseControllerUtil {
 
     public OrcidProfileUserDetails getCurrentUser(SecurityContext context) {
         if (context == null) 
             return null;
         Authentication authentication = context.getAuthentication();
-        if ((authentication instanceof UsernamePasswordAuthenticationToken || authentication instanceof PreAuthenticatedAuthenticationToken)
-                && authentication.getDetails() instanceof OrcidProfileUserDetails) {
-            return ((OrcidProfileUserDetails) authentication.getDetails());
+        Object details = authentication.getDetails();
+        if ((authentication instanceof UsernamePasswordAuthenticationToken || authentication instanceof PreAuthenticatedAuthenticationToken)) {
+            if(authentication.getDetails() instanceof OrcidProfileUserDetails) {
+                return ((OrcidProfileUserDetails) authentication.getDetails());
+            } else {
+                // From the authorization server we will get a
+                String orcid = authentication.getName();
+                Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+
+                List<OrcidWebRole> orcidAuthorities = new ArrayList<OrcidWebRole>();
+                authorities.forEach(x -> {
+                    switch (x.getAuthority()) {
+                        case "ROLE_USER":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_USER);
+                            break;
+                        case "ROLE_ADMIN":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_ADMIN);
+                            break;
+                        case "ROLE_GROUP":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_GROUP);
+                            break;
+                        case "ROLE_BASIC":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_BASIC);
+                            break;
+                        case "ROLE_PREMIUM":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_PREMIUM);
+                            break;
+                        case "ROLE_BASIC_INSTITUTION":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_BASIC_INSTITUTION);
+                            break;
+                        case "ROLE_PREMIUM_INSTITUTION":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_PREMIUM_INSTITUTION);
+                            break;
+                        case "ROLE_CREATOR":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_CREATOR);
+                            break;
+                        case "ROLE_PREMIUM_CREATOR":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_PREMIUM_CREATOR);
+                            break;
+                        case "ROLE_UPDATER":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_UPDATER);
+                            break;
+                        case "ROLE_PREMIUM_UPDATER":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_PREMIUM_UPDATER);
+                            break;
+                        case "ROLE_SELF_SERVICE":
+                            orcidAuthorities.add(OrcidWebRole.ROLE_SELF_SERVICE);
+                            break;
+                        default:
+                            throw new RuntimeException("Unsupported orcid authority for" + orcid + ": '" + x.getAuthority() + "'");
+                    }
+                });
+                return new OrcidProfileUserDetails(orcid, null, orcidAuthorities);
+            }
         } else {
             return null;
         }