From 327948179e7bbe26605e09d6ecfe906e1cc546e0 Mon Sep 17 00:00:00 2001
From: amontenegro
Date: Tue, 27 Feb 2024 13:37:16 -0600
Subject: [PATCH 01/18] Deactivated records should get 409 on GET requests
---
 .../orcid/api/common/jaxb/OrcidExceptionMapper.java | 2 ++
 .../impl/MemberV3ApiServiceDelegatorImpl.java | 12 ++----------
 .../manager/v3/impl/OrcidSecurityManagerImpl.java | 6 +++---
 3 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/orcid-api-common/src/main/java/org/orcid/api/common/jaxb/OrcidExceptionMapper.java b/orcid-api-common/src/main/java/org/orcid/api/common/jaxb/OrcidExceptionMapper.java
index 81f74a10d2b..d96850ceb37 100644
--- a/orcid-api-common/src/main/java/org/orcid/api/common/jaxb/OrcidExceptionMapper.java
+++ b/orcid-api-common/src/main/java/org/orcid/api/common/jaxb/OrcidExceptionMapper.java
@@ -111,6 +111,8 @@ public Response toResponse(Throwable t) {
 logShortError(t, clientId);
 } else if (t instanceof LockedException) {
 logShortError(t, clientId);
+ } else if (t instanceof DeactivatedException) {
+ logShortError(t, clientId);
 } else if (t instanceof ClientDeactivatedException) {
 logShortError(t, clientId);
 } else if (t instanceof OrcidNonPublicElementException) {
diff --git a/orcid-api-web/src/main/java/org/orcid/api/memberV3/server/delegator/impl/MemberV3ApiServiceDelegatorImpl.java b/orcid-api-web/src/main/java/org/orcid/api/memberV3/server/delegator/impl/MemberV3ApiServiceDelegatorImpl.java
index 64c6535d0bf..a3fb41eb9a5 100644
--- a/orcid-api-web/src/main/java/org/orcid/api/memberV3/server/delegator/impl/MemberV3ApiServiceDelegatorImpl.java
+++ b/orcid-api-web/src/main/java/org/orcid/api/memberV3/server/delegator/impl/MemberV3ApiServiceDelegatorImpl.java
@@ -1642,16 +1642,8 @@ public Response deleteResearchResource(String orcid, Long putCode) { return Response.noContent().build(); } - private void checkProfileStatus(String orcid, boolean readOperation) { - try { - orcidSecurityManager.checkProfile(orcid); - } catch (DeactivatedException e) { - // If it is a read operation, ignore the deactivated status since we - // are going to return the empty element with the deactivation date - if (!readOperation) { - throw e; - } - } + private void checkProfileStatus(String orcid, boolean readOperation) throws DeactivatedException { + orcidSecurityManager.checkProfile(orcid); } private Map addParmsMismatchedPutCode(Long urlPutCode, Long bodyPutCode) { diff --git a/orcid-core/src/main/java/org/orcid/core/manager/v3/impl/OrcidSecurityManagerImpl.java b/orcid-core/src/main/java/org/orcid/core/manager/v3/impl/OrcidSecurityManagerImpl.java index 59b415afdc0..5067b4195e3 100644 --- a/orcid-core/src/main/java/org/orcid/core/manager/v3/impl/OrcidSecurityManagerImpl.java +++ b/orcid-core/src/main/java/org/orcid/core/manager/v3/impl/OrcidSecurityManagerImpl.java @@ -202,15 +202,15 @@ public void checkProfile(String orcid) throws NoResultException, OrcidDeprecated // Check if the user record is locked if (!profile.isAccountNonLocked()) { - LockedException lockedException = new LockedException(); + LockedException lockedException = new LockedException(orcid + " is locked"); lockedException.setOrcid(profile.getId()); throw lockedException; } // Check if the user record is deactivated if (profile.getDeactivationDate() != null) { - DeactivatedException exception = new DeactivatedException(); - exception.setOrcid(orcid); + DeactivatedException exception = new DeactivatedException(orcid + " is deactivated"); + exception.setOrcid(orcid); throw exception; } } From 3ccccec414b4f6f8f58b3eebdee7ff3dade4a705 Mon Sep 17 00:00:00 2001 
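Review bot: The `readOperation` parameter of `checkProfileStatus` is now dead: after this hunk the method delegates straight to `orcidSecurityManager.checkProfile(orcid)`, so read and write callers are rejected alike for a deactivated record. That matches the commit title, but callers still pass a flag that suggests reads are treated differently, which is easy to misread when auditing which endpoints expose deactivated records. Either drop the parameter at the call sites or document it, for example `// readOperation is ignored: deactivated records are rejected for reads and writes alike`. The added `throws DeactivatedException` looks redundant too, since the removed code rethrew the same exception without declaring it, which suggests it is unchecked.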
From: amontenegro Date: Mon, 12 Aug 2024 13:48:00 -0600 Subject: [PATCH 02/18] Sequence should start at 100000 --- .../db/updates/create_profile_email_domain_table.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/orcid-persistence/src/main/resources/db/updates/create_profile_email_domain_table.xml b/orcid-persistence/src/main/resources/db/updates/create_profile_email_domain_table.xml index 9c403245e97..7e741ee3bd7 100644 --- a/orcid-persistence/src/main/resources/db/updates/create_profile_email_domain_table.xml +++ b/orcid-persistence/src/main/resources/db/updates/create_profile_email_domain_table.xml @@ -29,11 +29,11 @@ - + - + From a4e5704c641c38cd86104491b2edf1bac89ebf07 Mon Sep 17 00:00:00 2001 From: amontenegro Date: Fri, 30 Aug 2024 10:18:26 -0600 Subject: [PATCH 03/18] Lets store the scopes and authrities directly into the auth code table --- .../src/main/resources/db-master.xml | 1 + ...uthoriziation_code_detail_improvements.xml | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml diff --git a/orcid-persistence/src/main/resources/db-master.xml b/orcid-persistence/src/main/resources/db-master.xml index 3f0df9ca962..dd6d193070f 100644 --- a/orcid-persistence/src/main/resources/db-master.xml +++ b/orcid-persistence/src/main/resources/db-master.xml @@ -403,4 +403,5 @@ + \ No newline at end of file diff --git a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml new file mode 100644 index 00000000000..d67f5b803af --- /dev/null +++ b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml @@ -0,0 +1,27 @@ + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
From 1dba8a81507b13e48afb11daac4d23ce923bd277 Mon Sep 17 00:00:00 2001 From: amontenegro Date: Fri, 30 Aug 2024 11:07:35 -0600 Subject: [PATCH 04/18] Add authorization_uri to the authorization code table --- ...oauth2_authoriziation_code_detail_improvements.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml index d67f5b803af..ef16f394e30 100644 --- a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml +++ b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml @@ -24,4 +24,15 @@ + + + + + + + + + + + \ No newline at end of file From 56d016108df79ae4dbfee38c113a2973a15af05a Mon Sep 17 00:00:00 2001 From: amontenegro Date: Fri, 30 Aug 2024 11:38:26 -0600 Subject: [PATCH 05/18] Change name --- .../oauth2_authoriziation_code_detail_improvements.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml index ef16f394e30..d843a71311a 100644 --- a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml +++ b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml @@ -27,11 +27,11 @@ - + - + From de445a1a0e5724254230283cb7f824a20ff56a68 Mon Sep 17 00:00:00 2001 From: amontenegro Date: Fri, 30 Aug 2024 12:01:02 -0600 Subject: [PATCH 06/18] Add a field to store the short auth code --- ...oauth2_authoriziation_code_detail_improvements.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml index d843a71311a..7fc3fc5b27e 100644 --- a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml +++ b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml @@ -35,4 +35,15 @@ + + + + + + + + + + + \ No newline at end of file From ec099315c62cf6c34bcdf13186d96de254029ae8 Mon Sep 17 00:00:00 2001 From: amontenegro Date: Sat, 31 Aug 2024 11:22:31 -0600 Subject: [PATCH 07/18] Storing the spring security request id, still not sure why we need it and how we will use it --- ...oauth2_authoriziation_code_detail_improvements.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml index 7fc3fc5b27e..385bde62d36 100644 --- a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml +++ b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml @@ -46,4 +46,15 @@ + + + + + + + + + + + \ No newline at end of file From 72d4221f3c28463dea3c7ad18eab1bea6f1fd898 Mon Sep 17 00:00:00 2001 From: amontenegro Date: Sat, 31 Aug 2024 11:25:43 -0600 Subject: [PATCH 08/18] Shorter id names --- .../oauth2_authoriziation_code_detail_improvements.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml index 385bde62d36..77e8bac3672 100644 
--- a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml +++ b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml @@ -2,7 +2,7 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-2.0.xsd"> - + @@ -13,7 +13,7 @@ - + @@ -24,7 +24,7 @@ - + @@ -35,7 +35,7 @@ - + @@ -46,7 +46,7 @@ - + From bad70612fa47b2afb40b89d91a7af849d18b6643 Mon Sep 17 00:00:00 2001 From: amontenegro Date: Sat, 31 Aug 2024 12:06:33 -0600 Subject: [PATCH 09/18] Adding auth code expiration time --- ...h2_authoriziation_code_detail_improvements.xml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml index 77e8bac3672..737e7d19198 100644 --- a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml +++ b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml @@ -38,11 +38,11 @@ - + - + @@ -57,4 +57,15 @@ + + + + + + + + + + + \ No newline at end of file From 538e0baaf8e4f09c8b8e5b79cc1c4fce104aa49b Mon Sep 17 00:00:00 2001 From: amontenegro Date: Mon, 2 Sep 2024 12:04:16 -0600 Subject: [PATCH 10/18] Add the authorization state attribute field --- ...oauth2_authoriziation_code_detail_improvements.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml index 737e7d19198..4824fc68702 100644 
--- a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml +++ b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml @@ -24,6 +24,17 @@ + + + + + + + + + + + From b616230215401f023e5c5b440bec883fd2deeec5 Mon Sep 17 00:00:00 2001 From: amontenegro Date: Thu, 5 Sep 2024 10:51:52 -0600 Subject: [PATCH 11/18] We dont need to store the short auth code in a different field --- ...oauth2_authoriziation_code_detail_improvements.xml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml index 4824fc68702..08e30b962da 100644 --- a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml +++ b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml @@ -46,17 +46,6 @@ - - - - - - - - - - - From f19e778ec63db89d11bfb50705f710e095ecb92c Mon Sep 17 00:00:00 2001 From: amontenegro Date: Fri, 13 Sep 2024 09:57:23 -0600 Subject: [PATCH 12/18] Adding spring session redis --- orcid-core/pom.xml | 12 +- orcid-web/pom.xml | 12 ++ .../configuration/SessionCacheConfig.java | 50 ++++++++ .../session/OrcidRedisSessionRepository.java | 12 ++ .../resources/orcid-frontend-security.xml | 114 ++++++++---------- 5 files changed, 133 insertions(+), 67 deletions(-) create mode 100644 orcid-web/src/main/java/org/orcid/frontend/spring/configuration/SessionCacheConfig.java create mode 100644 orcid-web/src/main/java/org/orcid/frontend/spring/session/OrcidRedisSessionRepository.java diff --git a/orcid-core/pom.xml b/orcid-core/pom.xml index ece6526400d..25ce3c3ce01 100644 --- a/orcid-core/pom.xml +++ b/orcid-core/pom.xml @@ -326,8 +326,18 @@ redis.clients jedis - 4.4.3 + 3.7.1 + + + + + org.json + json + 20240303 + + + 
diff --git a/orcid-web/pom.xml b/orcid-web/pom.xml index b8f8e9683dc..c59965a7245 100644 --- a/orcid-web/pom.xml +++ b/orcid-web/pom.xml @@ -123,6 +123,18 @@ + + + org.springframework.session + spring-session-core + 2.6.4 + + + org.springframework.session + spring-session-data-redis + 2.6.4 + + org.hibernate hibernate-agroal diff --git a/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/SessionCacheConfig.java b/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/SessionCacheConfig.java new file mode 100644 index 00000000000..ef9a1020282 --- /dev/null +++ b/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/SessionCacheConfig.java 
@@ -0,0 +1,50 @@ +package org.orcid.frontend.spring.configuration; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.data.redis.connection.RedisStandaloneConfiguration; +import org.springframework.data.redis.connection.jedis.JedisClientConfiguration; +import org.springframework.data.redis.connection.jedis.JedisConnectionFactory; +import org.springframework.session.data.redis.config.ConfigureRedisAction; +import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession; +import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer; +import redis.clients.jedis.DefaultJedisClientConfig; +import redis.clients.jedis.JedisClientConfig; + +import java.time.Duration; + +@Configuration +@EnableRedisHttpSession +public class SessionCacheConfig extends AbstractHttpSessionApplicationInitializer { + + @Value("${org.orcid.core.utils.cache.redis.host}") + private String host; + @Value("${org.orcid.core.utils.cache.redis.port}") + private int port; + @Value("${org.orcid.core.utils.cache.redis.password}") + private String password; + @Value("${org.orcid.core.utils.cache.redis.connection_timeout_millis:10000}") + private int connectionTimeoutMillis; + + + @Bean + public JedisConnectionFactory connectionFactory() { + Duration timeoutDuration = Duration.ofMillis(connectionTimeoutMillis); + + RedisStandaloneConfiguration redisStandaloneConfiguration = new RedisStandaloneConfiguration(); + redisStandaloneConfiguration.setHostName(host); + redisStandaloneConfiguration.setPort(port); + redisStandaloneConfiguration.setPassword(password); + + JedisClientConfiguration.JedisClientConfigurationBuilder jedisClientConfigurationBuilder = JedisClientConfiguration.builder(); + jedisClientConfigurationBuilder.useSsl().and().connectTimeout(timeoutDuration).build(); + + return new 
JedisConnectionFactory(redisStandaloneConfiguration, jedisClientConfigurationBuilder.build()); + } + + @Bean + public static ConfigureRedisAction configureRedisAction() { + return ConfigureRedisAction.NO_OP; + } +} diff --git a/orcid-web/src/main/java/org/orcid/frontend/spring/session/OrcidRedisSessionRepository.java b/orcid-web/src/main/java/org/orcid/frontend/spring/session/OrcidRedisSessionRepository.java new file mode 100644 index 00000000000..3db4949d031 --- /dev/null +++ b/orcid-web/src/main/java/org/orcid/frontend/spring/session/OrcidRedisSessionRepository.java @@ -0,0 +1,12 @@ +package org.orcid.frontend.spring.session; + +import org.springframework.data.redis.core.RedisOperations; +import org.springframework.session.data.redis.RedisSessionRepository; + +public class OrcidRedisSessionRepository extends RedisSessionRepository { + + public OrcidRedisSessionRepository(RedisOperations sessionRedisOperations) { + super(sessionRedisOperations); + } + +} diff --git a/orcid-web/src/main/resources/orcid-frontend-security.xml b/orcid-web/src/main/resources/orcid-frontend-security.xml index 95337fbdd50..b96d39ecf5e 100644 --- a/orcid-web/src/main/resources/orcid-frontend-security.xml +++ b/orcid-web/src/main/resources/orcid-frontend-security.xml @@ -45,9 +45,6 @@ - - @@ -112,8 +109,52 @@ - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -256,22 +297,13 @@ access="IS_AUTHENTICATED_ANONYMOUSLY" /> - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - Date: Thu, 19 Sep 2024 09:39:01 -0600 Subject: [PATCH 13/18] This should be rolled back --- .../core/utils/cache/redis/RedisClient.java | 37 ++++++++++++++++++- .../OrcidBeanClassLoaderAware.java | 35 ++++++++++++++++++ 2 files changed, 70 insertions(+), 2 deletions(-) create mode 100644 orcid-web/src/main/java/org/orcid/frontend/spring/configuration/OrcidBeanClassLoaderAware.java 
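Review bot: `configureRedisAction()` returns `ConfigureRedisAction.NO_OP` without saying why, and that choice has a session-lifecycle consequence: Spring Session will no longer try to enable keyspace notifications itself, so session expiry and deletion events are only published if the Redis server is configured for them separately. A comment on the bean would record that, for example `// NO_OP: CONFIG is not available on the managed Redis; notify-keyspace-events must be enabled server-side for session expiry events`, with the stated reason confirmed by whoever knows the deployment. In `connectionFactory()` the statement `jedisClientConfigurationBuilder.useSsl().and().connectTimeout(timeoutDuration).build();` discards its result and the builder is built a second time on the return line; building once into a local and passing that to `JedisConnectionFactory` reads more clearly. The imports of `DefaultJedisClientConfig` and `JedisClientConfig` are unused in this file.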
diff --git a/orcid-core/src/main/java/org/orcid/core/utils/cache/redis/RedisClient.java b/orcid-core/src/main/java/org/orcid/core/utils/cache/redis/RedisClient.java index 4d62057301b..af240865262 100644 --- a/orcid-core/src/main/java/org/orcid/core/utils/cache/redis/RedisClient.java +++ b/orcid-core/src/main/java/org/orcid/core/utils/cache/redis/RedisClient.java @@ -4,6 +4,10 @@ import java.net.InetAddress; import java.net.SocketException; import java.net.UnknownHostException; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.Set; import javax.annotation.PostConstruct; import javax.annotation.Resource; @@ -31,7 +35,7 @@ public class RedisClient { private final String redisPassword; private final int cacheExpiryInSecs; private final int clientTimeoutInMillis; - private JedisPool pool; + public JedisPool pool; private SetParams defaultSetParams; @Resource @@ -67,7 +71,7 @@ public RedisClient(String redisHost, int redisPort, String password, int cacheEx @PostConstruct private void init() { try { - JedisClientConfig config = DefaultJedisClientConfig.builder().connectionTimeoutMillis(this.clientTimeoutInMillis).timeoutMillis(this.clientTimeoutInMillis) + JedisClientConfig config = DefaultJedisClientConfig.builder().connectionTimeoutMillis(this.clientTimeoutInMillis) .socketTimeoutMillis(this.clientTimeoutInMillis).password(this.redisPassword).ssl(true).build(); pool = new JedisPool(new HostAndPort(this.redisHost, this.redisPort), config); defaultSetParams = new SetParams().ex(this.cacheExpiryInSecs); 
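Review bot: Changing `pool` from `private` to `public` in the second hunk exposes the live `JedisPool`, and with it an authenticated Redis connection, to every class that can reach a `RedisClient` instance. The only use visible in this patch is the `main` method added in the next hunk, so the field should stay `private JedisPool pool;` and any diagnostic code should go through the client's existing methods. The class body continues outside the hunk, so other uses may exist that are not shown here.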
@@ -141,4 +145,33 @@ public boolean remove(String key) {
 }
 return true;
 }
+
+ public static void main(String [] args) {
+ RedisClient client = new RedisClient("reg-qa-redis-001.reg-qa-redis.3zksuc.use2.cache.amazonaws.com", 6379, "aVerySimpleToken");
+ client.init();
+ System.out.println("Connected");
+ Jedis r = client.pool.getResource();
+
+ Set keys = r.keys("spring:session:sessions:*");
+
+ for(String key : keys) {
+ System.out.println("----------------------------------------------");
+ System.out.println(key);
+ String keyType = r.type(key);
+ System.out.println(keyType);
+ if("hash".equals(keyType)) {
+ Map myMap = r.hgetAll(key);
+ for(String tkey : myMap.keySet()) {
+ System.out.println(tkey + ": " + myMap.get(tkey));
+ }
+ }
+ if("string".equals(keyType)) {
+ System.out.println(key + ": " + r.get("key"));
+ }
+ System.out.println("----------------------------------------------");
+ }
+
+
+
+ }
 }
diff --git a/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/OrcidBeanClassLoaderAware.java b/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/OrcidBeanClassLoaderAware.java
new file mode 100644
index 00000000000..4416b66085c
--- /dev/null
+++ b/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/OrcidBeanClassLoaderAware.java
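Review bot: The added `main` embeds a Redis hostname and auth token as string literals and prints every `spring:session:sessions:*` key with its hash fields to stdout, so both a credential and live session contents end up in source control and in whatever captures the output. The commit subject already says this should be rolled back; the method should be removed before merge and the token treated as exposed and rotated. If a diagnostic like this is kept anywhere, it belongs in a test utility that reads the connection settings from configuration, wraps `client.pool.getResource()` in try-with-resources so the connection is returned, and iterates with SCAN rather than `r.keys(...)`, which blocks the server while it walks the keyspace. The string branch also reads a literal instead of the loop variable: `r.get("key")` should be `r.get(key)`.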
@@ -0,0 +1,35 @@
+package org.orcid.frontend.spring.configuration;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.springframework.beans.factory.BeanClassLoaderAware;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializer;
+import org.springframework.security.jackson2.SecurityJackson2Modules;
+
+@Configuration
+public class OrcidBeanClassLoaderAware implements BeanClassLoaderAware {
+ private ClassLoader loader;
+
+ @Bean
+ public RedisSerializer springSessionDefaultRedisSerializer() {
+ return new GenericJackson2JsonRedisSerializer(objectMapper());
+ }
+
+ /**
+ * Customized {@link ObjectMapper} to add mix-in for class that doesn't have default
+ * constructors
+ * @return the {@link ObjectMapper} to use
+ */
+ private ObjectMapper objectMapper() {
+ ObjectMapper mapper = new ObjectMapper();
+ mapper.registerModules(SecurityJackson2Modules.getModules(this.loader));
+ return mapper;
+ }
+
+ @Override
+ public void setBeanClassLoader(ClassLoader classLoader) {
+ this.loader = classLoader;
+ }
+}
From 50456ef211e9181cdc3f9824d1a04211c2f90a3b Mon Sep 17 00:00:00 2001
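Review bot: Nothing in this class says that it replaces the session serializer, or what that implies for types stored in the session; the class name only repeats the interface it implements. Registering `SecurityJackson2Modules.getModules(this.loader)` switches session attributes to JSON with Spring Security's type allowlist, so any project type placed in the session, presumably including the `OrcidProfileUserDetails` principal changed later in this series, needs its own mixin or allowlist entry, and none is registered in this hunk. A class-level Javadoc should state this, for example `/** Serializes Spring Session attributes as JSON instead of JDK serialization; every custom session type must be registered with the ObjectMapper built here. */`. The Javadoc on `objectMapper()` could then name the classes it is meant to cover.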
From: amontenegro
Date: Mon, 23 Sep 2024 16:27:06 -0600
Subject: [PATCH 14/18] Session is being loaded!
---
 .../v3/read_only/EmailManagerReadOnly.java | 4 +-
 .../impl/EmailManagerReadOnlyImpl.java | 13 +++-
 .../core/oauth/OrcidProfileUserDetails.java | 25 ++------
 .../security/OrcidUserDetailsServiceImpl.java | 60 ++++++++---------
 .../core/utils/SecurityContextTestUtils.java | 2 +-
 .../src/main/resources/ehcache_default.xml | 7 ++
 .../main/resources/ehcache_orcid-api-web.xml | 7 ++
 .../resources/ehcache_orcid-internal-api.xml | 7 ++
 .../main/resources/ehcache_orcid-pub-web.xml | 9 ++-
 .../resources/ehcache_orcid-scheduler-web.xml | 9 ++-
 .../src/main/resources/ehcache_orcid-web.xml | 9 ++-
 .../security/OrcidUserDetailsServiceTest.java | 2 -
 .../web/controllers/BaseControllerUtil.java | 64 ++++++++++++++++++-
 .../web/controllers/HomeController.java | 10 ++-
 .../listener/LoginApplicationListener.java | 3 +-
 .../OrcidAuthenticationProviderTest.java | 4 +-
 .../web/controllers/AdminControllerTest.java | 2 +-
 .../controllers/ClientsControllerTest.java | 3 +-
 .../controllers/FundingsControllerTest.java | 2 +-
 .../controllers/GetMyDataControllerTest.java | 2 +-
 .../ManageMembersControllerTest.java | 2 +-
 .../ManageProfileControllerTest.java | 2 +-
 .../web/controllers/OrgControllerTest.java | 2 +-
 .../RegistrationControllerTest.java | 4 +-
 .../OAuthAuthorizeNotSignedInFilterTest.java | 2 +-
 .../frontend/web/util/BaseControllerTest.java | 2 +-
 26 files changed, 174 insertions(+), 84 deletions(-)
diff --git a/orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/EmailManagerReadOnly.java b/orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/EmailManagerReadOnly.java
index 60865c6cc4e..4922d4e0f9d 100644
--- a/orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/EmailManagerReadOnly.java
+++ b/orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/EmailManagerReadOnly.java
@@ -37,7 +37,9 @@ public interface EmailManagerReadOnly extends ManagerReadOnlyBase { EmailEntity find(String email); - Email findPrimaryEmail(String orcid); + Email findPrimaryEmail(String orcid); + + String findPrimaryEmailValueFromCache(String orcid); EmailFrequencyOptions getEmailFrequencyOptions(); diff --git a/orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/impl/EmailManagerReadOnlyImpl.java b/orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/impl/EmailManagerReadOnlyImpl.java index 6dbf3888dd9..0f9b0e08a9f 100644 --- a/orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/impl/EmailManagerReadOnlyImpl.java +++ b/orcid-core/src/main/java/org/orcid/core/manager/v3/read_only/impl/EmailManagerReadOnlyImpl.java @@ -27,6 +27,7 @@ import org.orcid.utils.OrcidStringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.cache.annotation.Cacheable; /** * @@ -185,7 +186,17 @@ public Email findPrimaryEmail(String orcid) { } return jpaJaxbEmailAdapter.toEmail(emailDao.findPrimaryEmail(orcid)); } - + + @Override + @Cacheable("primary-email-value") + public String findPrimaryEmailValueFromCache(String orcid) { + if(PojoUtil.isEmpty(orcid)) { + return null; + } + EmailEntity entity = emailDao.findPrimaryEmail(orcid); + return entity.getEmail(); + } + @Override public boolean isUsersOnlyEmail(String orcid, String email) { List emails = emailDao.findByOrcid(orcid, getLastModified(orcid)); diff --git a/orcid-core/src/main/java/org/orcid/core/oauth/OrcidProfileUserDetails.java b/orcid-core/src/main/java/org/orcid/core/oauth/OrcidProfileUserDetails.java index e2ef41b699e..8cb455ceb24 100644 --- a/orcid-core/src/main/java/org/orcid/core/oauth/OrcidProfileUserDetails.java +++ b/orcid-core/src/main/java/org/orcid/core/oauth/OrcidProfileUserDetails.java 
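Review bot: `findPrimaryEmailValueFromCache` dereferences the result of `emailDao.findPrimaryEmail(orcid)` without a check and caches the value under the ORCID iD alone, with no eviction visible in this patch. `retrievePrimaryEmail` in `OrcidUserDetailsServiceImpl` (same series) shows that this DAO call can throw `NoResultException` or `NonUniqueResultException`, so records with zero or several primary emails fail here, and once a value is cached a later change of primary email would keep being served until the cache entry expires. A guard such as `return entity == null ? null : entity.getEmail();` covers the null case, and the write path that changes the primary email should evict `primary-email-value`, or the key should include `getLastModified(orcid)` as the `isUsersOnlyEmail` lookup just below already does. The lifetime of this cache is presumably set in the ehcache XML files touched by this commit, whose content is not readable in this view.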
@@ -13,26 +13,19 @@ public class OrcidProfileUserDetails implements UserDetails { private static final long serialVersionUID = 1L; - private String orcid; + private final String orcid; - private String primaryEmail; - - private String password; + private final String password; private Collection grantedAuthorities = new HashSet<>(); - public OrcidProfileUserDetails() { - } - - public OrcidProfileUserDetails(String orcid, String primaryEmail, String password) { + public OrcidProfileUserDetails(String orcid, String password) { this.orcid = orcid; - this.primaryEmail = primaryEmail; this.password = password; } - public OrcidProfileUserDetails(String orcid, String primaryEmail, String password, Collection grantedAuthorities) { + public OrcidProfileUserDetails(String orcid, String password, Collection grantedAuthorities) { this.orcid = orcid; - this.primaryEmail = primaryEmail; this.password = password; this.grantedAuthorities = grantedAuthorities; } @@ -122,10 +115,6 @@ public String getOrcid() { return orcid; } - public String getPrimaryEmail() { - return primaryEmail; - } - @Override public int hashCode() { final int prime = 31; @@ -133,7 +122,6 @@ public int hashCode() { result = prime * result + ((grantedAuthorities == null) ? 0 : grantedAuthorities.hashCode()); result = prime * result + ((orcid == null) ? 0 : orcid.hashCode()); result = prime * result + ((password == null) ? 0 : password.hashCode()); - result = prime * result + ((primaryEmail == null) ? 0 : primaryEmail.hashCode()); return result; } @@ -161,11 +149,6 @@ public boolean equals(Object obj) { return false; } else if (!password.equals(other.password)) return false; - if (primaryEmail == null) { - if (other.primaryEmail != null) - return false; - } else if (!primaryEmail.equals(other.primaryEmail)) - return false; return true; } 
diff --git a/orcid-core/src/main/java/org/orcid/core/security/OrcidUserDetailsServiceImpl.java b/orcid-core/src/main/java/org/orcid/core/security/OrcidUserDetailsServiceImpl.java index 9841f2c7c03..bcdfc327a1f 100644 --- a/orcid-core/src/main/java/org/orcid/core/security/OrcidUserDetailsServiceImpl.java +++ b/orcid-core/src/main/java/org/orcid/core/security/OrcidUserDetailsServiceImpl.java @@ -53,13 +53,13 @@ public class OrcidUserDetailsServiceImpl implements OrcidUserDetailsService { @Resource private EmailDao emailDao; - - @Resource(name = "emailManagerReadOnlyV3") - protected EmailManagerReadOnly emailManagerReadOnly; - + @Resource private OrcidSecurityManager securityMgr; + @Resource (name = "emailManagerReadOnlyV3") + private EmailManagerReadOnly emailManagerReadOnly; + @Value("${org.orcid.core.baseUri}") private String baseUrl; 
@@ -107,43 +107,19 @@ public OrcidProfileUserDetails loadUserByProfile(ProfileEntity profile) { } private OrcidProfileUserDetails createUserDetails(ProfileEntity profile) { - String primaryEmail = retrievePrimaryEmail(profile); - + String primaryEmail = retrievePrimaryEmail(profile.getId()); OrcidProfileUserDetails userDetails = null; if (profile.getOrcidType() != null) { OrcidType orcidType = OrcidType.valueOf(profile.getOrcidType()); - userDetails = new OrcidProfileUserDetails(profile.getId(), primaryEmail, profile.getEncryptedPassword(), buildAuthorities(orcidType, profile.getGroupType() != null ? MemberType.valueOf(profile.getGroupType()) : null)); + userDetails = new OrcidProfileUserDetails(profile.getId(), profile.getEncryptedPassword(), buildAuthorities(orcidType, profile.getGroupType() != null ? MemberType.valueOf(profile.getGroupType()) : null)); } else { - userDetails = new OrcidProfileUserDetails(profile.getId(), primaryEmail, profile.getEncryptedPassword()); + userDetails = new OrcidProfileUserDetails(profile.getId(), profile.getEncryptedPassword()); } return userDetails; } - private String retrievePrimaryEmail(ProfileEntity profile) { - String orcid = profile.getId(); - try { - return emailDao.findPrimaryEmail(orcid).getEmail(); - } catch (javax.persistence.NoResultException nre) { - String alternativePrimaryEmail = emailDao.findNewestVerifiedOrNewestEmail(profile.getId()); - emailDao.updatePrimary(orcid, alternativePrimaryEmail); - - String message = String.format("User with orcid %s have no primary email, so, we are setting the newest verified email, or, the newest email in case non is verified as the primary one", orcid); - LOGGER.error(message); - - return alternativePrimaryEmail; - } catch (javax.persistence.NonUniqueResultException nure) { - String alternativePrimaryEmail = emailDao.findNewestPrimaryEmail(profile.getId()); - emailDao.updatePrimary(orcid, alternativePrimaryEmail); - - String message = String.format("User with orcid %s have more 
than one primary email, so, we are setting the latest modified primary as the primary one", orcid); - LOGGER.error(message); - - return alternativePrimaryEmail; - } - } - private void checkStatuses(ProfileEntity profile) { if (profile.getPrimaryRecord() != null) { throw new DeprecatedProfileException("orcid.frontend.security.deprecated_with_primary", profile.getPrimaryRecord().getId(), profile.getId()); @@ -207,9 +183,25 @@ else if (orcidType.equals(OrcidType.GROUP)) { } private List rolesAsList(OrcidWebRole... roles) { - // Make a mutable list - List list = new ArrayList(Arrays.asList(roles)); - return list; + return new ArrayList(Arrays.asList(roles)); + } + @Deprecated(forRemoval = true) + private String retrievePrimaryEmail(String orcid) { + try { + return emailDao.findPrimaryEmail(orcid).getEmail(); + } catch (javax.persistence.NoResultException nre) { + String alternativePrimaryEmail = emailDao.findNewestVerifiedOrNewestEmail(orcid); + emailDao.updatePrimary(orcid, alternativePrimaryEmail); + String message = String.format("User with orcid %s have no primary email, so, we are setting the newest verified email, or, the newest email in case non is verified as the primary one", orcid); + LOGGER.error(message); + return alternativePrimaryEmail; + } catch (javax.persistence.NonUniqueResultException nure) { + String alternativePrimaryEmail = emailDao.findNewestPrimaryEmail(orcid); + emailDao.updatePrimary(orcid, alternativePrimaryEmail); + String message = String.format("User with orcid %s have more than one primary email, so, we are setting the latest modified primary as the primary one", orcid); + LOGGER.error(message); + return alternativePrimaryEmail; + } } } diff --git a/orcid-core/src/main/java/org/orcid/core/utils/SecurityContextTestUtils.java b/orcid-core/src/main/java/org/orcid/core/utils/SecurityContextTestUtils.java index 705212bafa9..943f19d36ab 100644 --- a/orcid-core/src/main/java/org/orcid/core/utils/SecurityContextTestUtils.java 
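Review bot: In `createUserDetails`, the local `primaryEmail` is no longer passed to either `OrcidProfileUserDetails` constructor, so `retrievePrimaryEmail(profile.getId())` now runs only for its side effects. In the `NoResultException` and `NonUniqueResultException` branches it calls `emailDao.updatePrimary(...)`, so building user details in `loadUserByProfile` can still write to the email data. If that repair is intended, call it as a bare statement with a comment such as `// kept only to repair records with zero or several primary emails; result unused`; otherwise drop the call together with the helper. `@Deprecated(forRemoval = true)` on a private method has little effect, so a comment naming the removal condition would say more. The re-added `emailManagerReadOnly` field is not used in the visible hunks.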
+++ b/orcid-core/src/main/java/org/orcid/core/utils/SecurityContextTestUtils.java @@ -124,7 +124,7 @@ static public void clearSecurityContext() { } static public void setupSecurityContextForWebUser(String userId, String email) { - OrcidProfileUserDetails details = new OrcidProfileUserDetails(userId, email, "password"); + OrcidProfileUserDetails details = new OrcidProfileUserDetails(userId, email); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(userId, "password"); auth.setDetails(details); SecurityContextImpl securityContext = new SecurityContextImpl(); diff --git a/orcid-core/src/main/resources/ehcache_default.xml b/orcid-core/src/main/resources/ehcache_default.xml index 4880c539ce2..16e65cd009f 100644 --- a/orcid-core/src/main/resources/ehcache_default.xml +++ b/orcid-core/src/main/resources/ehcache_default.xml @@ -294,6 +294,13 @@ 16 + + + + + 10 + + diff --git a/orcid-core/src/main/resources/ehcache_orcid-api-web.xml b/orcid-core/src/main/resources/ehcache_orcid-api-web.xml index 0d2cfddb0a6..bed700e4eb4 100644 --- a/orcid-core/src/main/resources/ehcache_orcid-api-web.xml +++ b/orcid-core/src/main/resources/ehcache_orcid-api-web.xml @@ -108,6 +108,13 @@ + + + + + 10 + + diff --git a/orcid-core/src/main/resources/ehcache_orcid-internal-api.xml b/orcid-core/src/main/resources/ehcache_orcid-internal-api.xml index f6dd9446114..94d8dee20e6 100644 --- a/orcid-core/src/main/resources/ehcache_orcid-internal-api.xml +++ b/orcid-core/src/main/resources/ehcache_orcid-internal-api.xml @@ -262,6 +262,13 @@ 64 + + + + + 10 + + diff --git a/orcid-core/src/main/resources/ehcache_orcid-pub-web.xml b/orcid-core/src/main/resources/ehcache_orcid-pub-web.xml index 743193dd174..a7e0c4821d1 100644 --- a/orcid-core/src/main/resources/ehcache_orcid-pub-web.xml +++ b/orcid-core/src/main/resources/ehcache_orcid-pub-web.xml @@ -108,7 +108,14 @@ - + + + + + 10 + + + 
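Review bot: `setupSecurityContextForWebUser` in SecurityContextTestUtils now calls `new OrcidProfileUserDetails(userId, email)`, but the two-argument constructor introduced by this patch is `(String orcid, String password)`, so the e-mail address ends up in the password field. The previous call passed `"password"`, matching the `UsernamePasswordAuthenticationToken` built on the next line, so the equivalent is `new OrcidProfileUserDetails(userId, "password");`. Both parameters are `String`, so the compiler cannot catch the swap. After the fix the `email` parameter is unused in the visible lines, which deserves a short comment on the method.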
diff --git a/orcid-core/src/main/resources/ehcache_orcid-scheduler-web.xml b/orcid-core/src/main/resources/ehcache_orcid-scheduler-web.xml index 9aa76231179..29aad9a2741 100644 --- a/orcid-core/src/main/resources/ehcache_orcid-scheduler-web.xml +++ b/orcid-core/src/main/resources/ehcache_orcid-scheduler-web.xml @@ -124,7 +124,14 @@ - + + + + + 10 + + + diff --git a/orcid-core/src/main/resources/ehcache_orcid-web.xml b/orcid-core/src/main/resources/ehcache_orcid-web.xml index 5ec3dbc86c4..968e488b408 100644 --- a/orcid-core/src/main/resources/ehcache_orcid-web.xml +++ b/orcid-core/src/main/resources/ehcache_orcid-web.xml @@ -140,7 +140,14 @@ - + + + + + 10 + + + diff --git a/orcid-core/src/test/java/org/orcid/core/security/OrcidUserDetailsServiceTest.java b/orcid-core/src/test/java/org/orcid/core/security/OrcidUserDetailsServiceTest.java index a30530479c1..0ada522208e 100644 --- a/orcid-core/src/test/java/org/orcid/core/security/OrcidUserDetailsServiceTest.java +++ b/orcid-core/src/test/java/org/orcid/core/security/OrcidUserDetailsServiceTest.java @@ -217,7 +217,6 @@ public void loadUserByProfile_MoreThanOnePrimaryAvailable() { assertNotNull(opud); opud.getUsername(); - assertEquals(email, opud.getPrimaryEmail()); assertEquals(ORCID, opud.getUsername()); } @@ -233,7 +232,6 @@ public void loadUserByProfile_NoPrimaryAvailable() { assertNotNull(opud); opud.getUsername(); - assertEquals(email, opud.getPrimaryEmail()); assertEquals(ORCID, opud.getUsername()); } diff --git a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/BaseControllerUtil.java b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/BaseControllerUtil.java index 179ad4408d2..3761f69060d 100644 --- a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/BaseControllerUtil.java +++ b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/BaseControllerUtil.java 
@@ -1,20 +1,78 @@ package org.orcid.frontend.web.controllers; import org.orcid.core.oauth.OrcidProfileUserDetails; +import org.orcid.core.security.OrcidWebRole; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; +import javax.management.relation.InvalidRoleValueException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + public class BaseControllerUtil { public OrcidProfileUserDetails getCurrentUser(SecurityContext context) { if (context == null) return null; Authentication authentication = context.getAuthentication(); - if ((authentication instanceof UsernamePasswordAuthenticationToken || authentication instanceof PreAuthenticatedAuthenticationToken) - && authentication.getDetails() instanceof OrcidProfileUserDetails) { - return ((OrcidProfileUserDetails) authentication.getDetails()); + Object details = authentication.getDetails(); + if ((authentication instanceof UsernamePasswordAuthenticationToken || authentication instanceof PreAuthenticatedAuthenticationToken)) { + if(authentication.getDetails() instanceof OrcidProfileUserDetails) { + return ((OrcidProfileUserDetails) authentication.getDetails()); + } else { + // From the authorization server we will get a + String orcid = authentication.getName(); + Collection authorities = authentication.getAuthorities(); + + List orcidAuthorities = new ArrayList(); + authorities.forEach(x -> { + switch (x.getAuthority()) { + case "ROLE_USER": + orcidAuthorities.add(OrcidWebRole.ROLE_USER); + break; + case "ROLE_ADMIN": + orcidAuthorities.add(OrcidWebRole.ROLE_ADMIN); + break; + case "ROLE_GROUP": + orcidAuthorities.add(OrcidWebRole.ROLE_GROUP); + break; + case "ROLE_BASIC": + 
orcidAuthorities.add(OrcidWebRole.ROLE_BASIC); + break; + case "ROLE_PREMIUM": + orcidAuthorities.add(OrcidWebRole.ROLE_PREMIUM); + break; + case "ROLE_BASIC_INSTITUTION": + orcidAuthorities.add(OrcidWebRole.ROLE_BASIC_INSTITUTION); + break; + case "ROLE_PREMIUM_INSTITUTION": + orcidAuthorities.add(OrcidWebRole.ROLE_PREMIUM_INSTITUTION); + break; + case "ROLE_CREATOR": + orcidAuthorities.add(OrcidWebRole.ROLE_CREATOR); + break; + case "ROLE_PREMIUM_CREATOR": + orcidAuthorities.add(OrcidWebRole.ROLE_PREMIUM_CREATOR); + break; + case "ROLE_UPDATER": + orcidAuthorities.add(OrcidWebRole.ROLE_UPDATER); + break; + case "ROLE_PREMIUM_UPDATER": + orcidAuthorities.add(OrcidWebRole.ROLE_PREMIUM_UPDATER); + break; + case "ROLE_SELF_SERVICE": + orcidAuthorities.add(OrcidWebRole.ROLE_SELF_SERVICE); + break; + default: + throw new RuntimeException("Unsupported orcid authority for" + orcid + ": '" + x.getAuthority() + "'"); + } + }); + return new OrcidProfileUserDetails(orcid, null, orcidAuthorities); + } } else { return null; } diff --git a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/HomeController.java b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/HomeController.java index e4831dafb13..93e54d12bab 100644 --- a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/HomeController.java +++ b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/HomeController.java 
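Review bot: In `BaseControllerUtil.getCurrentUser`, the new `Object details = authentication.getDetails();` dereferences `authentication` before any type check, so a `SecurityContext` holding no authentication now throws a NullPointerException where the old `instanceof` condition returned null. `details` is never read, so the line can be replaced with `if (authentication == null) return null;`. The new else branch builds an `OrcidProfileUserDetails` from `authentication.getName()` and the token's authorities for any `UsernamePasswordAuthenticationToken` or `PreAuthenticatedAuthenticationToken` whose details are not an `OrcidProfileUserDetails`, without checking `authentication.isAuthenticated()`; that check belongs in front of the fallback unless every caller is known to run behind the security filter chain. The comment `// From the authorization server we will get a` is cut off and should state what the token carries, and the `javax.management.relation.InvalidRoleValueException` import is unused.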
@@ -19,12 +19,14 @@ import org.orcid.core.locale.LocaleManager; import org.orcid.core.manager.ProfileEntityCacheManager; import org.orcid.core.manager.v3.ProfileEntityManager; +import org.orcid.core.manager.v3.read_only.EmailManagerReadOnly; import org.orcid.core.oauth.OrcidProfileUserDetails; import org.orcid.core.security.OrcidWebRole; import org.orcid.core.stats.StatisticsManager; import org.orcid.core.togglz.Features; import org.orcid.core.utils.UTF8Control; import org.orcid.jaxb.model.common.AvailableLocales; +import org.orcid.jaxb.model.v3.release.record.Email; import org.orcid.persistence.jpa.entities.ProfileEntity; import org.orcid.pojo.PublicRecordPersonDetails; import org.orcid.pojo.UserStatus; @@ -79,7 +81,10 @@ public class HomeController extends BaseController { @Resource private StatisticsManager statisticsManager; - + + @Resource(name = "emailManagerReadOnlyV3") + protected EmailManagerReadOnly emailManagerReadOnly; + @RequestMapping(value = "/") public ModelAndView homeHandler(HttpServletRequest request) { ModelAndView mav = new ModelAndView("home"); @@ -177,7 +182,8 @@ private void removeJSessionIdCookie(HttpServletRequest request, HttpServletRespo // REAL_USER_ORCID = EFFECTIVE_USER_ORCID unless it is in delegation mode info.put("EFFECTIVE_USER_ORCID", effectiveOrcid); info.put("IN_DELEGATION_MODE", String.valueOf(!effectiveOrcid.equals(realUserOrcid))); - info.put("PRIMARY_EMAIL", userDetails.getPrimaryEmail()); + //TODO: Do we need the primary email in the user info? + info.put("PRIMARY_EMAIL", emailManagerReadOnly.findPrimaryEmailValueFromCache(effectiveOrcid)); info.put("HAS_VERIFIED_EMAIL", String.valueOf(emailManagerReadOnly.haveAnyEmailVerified(effectiveOrcid))); info.put("IS_PRIMARY_EMAIL_VERIFIED", String.valueOf(emailManagerReadOnly.isPrimaryEmailVerified(effectiveOrcid))); for(OrcidWebRole role : userDetails.getAuthorities()) { 
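Review bot: In the user-info hunk of HomeController, `PRIMARY_EMAIL` is now read with `emailManagerReadOnly.findPrimaryEmailValueFromCache(effectiveOrcid)`, so the response may carry a cached address for some time after the primary e-mail changes; whether the neighbouring `HAS_VERIFIED_EMAIL` and `IS_PRIMARY_EMAIL_VERIFIED` lookups are cached the same way is not visible here. The `//TODO: Do we need the primary email in the user info?` should be settled before merge, because dropping the key when the client does not need it avoids returning the address at all. The unchanged context lines already call `emailManagerReadOnly`, which suggests the field is inherited from `BaseController`; if so, the new `protected EmailManagerReadOnly emailManagerReadOnly` declaration shadows it and can be removed, along with the `Email` import that the visible lines do not use. The enclosing method starts outside the hunk.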
diff --git a/orcid-web/src/main/java/org/orcid/frontend/web/listener/LoginApplicationListener.java b/orcid-web/src/main/java/org/orcid/frontend/web/listener/LoginApplicationListener.java index b05e2f4099d..414c53d0b3b 100644 --- a/orcid-web/src/main/java/org/orcid/frontend/web/listener/LoginApplicationListener.java +++ b/orcid-web/src/main/java/org/orcid/frontend/web/listener/LoginApplicationListener.java @@ -32,9 +32,8 @@ public void onApplicationEvent(ApplicationEvent event) { if (principal instanceof OrcidProfileUserDetails) { OrcidProfileUserDetails userDetails = (OrcidProfileUserDetails) principal; String orcid = userDetails.getOrcid(); - String email = userDetails.getPrimaryEmail(); String sessionId = RequestContextHolder.currentRequestAttributes().getSessionId(); - LOGGER.info("User logged in with orcid={}, email={}, sessionid={}", new Object[] { orcid, email, sessionId }); + LOGGER.info("User logged in with orcid={}, sessionid={}", new Object[] { orcid, sessionId }); } } } diff --git a/orcid-web/src/test/java/org/orcid/frontend/spring/OrcidAuthenticationProviderTest.java b/orcid-web/src/test/java/org/orcid/frontend/spring/OrcidAuthenticationProviderTest.java index 2f6bcb69620..78785b90110 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/spring/OrcidAuthenticationProviderTest.java +++ b/orcid-web/src/test/java/org/orcid/frontend/spring/OrcidAuthenticationProviderTest.java @@ -61,7 +61,7 @@ public void before() { @Override public UserDetails answer(InvocationOnMock invocation) throws Throwable { - return new OrcidProfileUserDetails((String) invocation.getArgument(0), "user@email.com", "password"); + return new OrcidProfileUserDetails((String) invocation.getArgument(0), "password"); } }); 
@@ -82,7 +82,7 @@ public HashSet answer(InvocationOnMock invocation) throws Thro @Override public OrcidProfileUserDetails answer(InvocationOnMock invocation) throws Throwable { ProfileEntity p = (ProfileEntity) invocation.getArgument(0); - return new OrcidProfileUserDetails(p.getId(), "email", p.getEncryptedPassword()); + return new OrcidProfileUserDetails(p.getId(), p.getEncryptedPassword()); } }); diff --git a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/AdminControllerTest.java b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/AdminControllerTest.java index 519493b405c..6025ba58f6c 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/AdminControllerTest.java +++ b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/AdminControllerTest.java @@ -197,7 +197,7 @@ protected Authentication getAuthentication() { Email e = emailManager.findPrimaryEmail(orcid); List roles = getRole(); OrcidProfileUserDetails details = new OrcidProfileUserDetails(orcid, - e.getEmail(), null, roles); + null, roles); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(orcid, p.getPassword(), getRole()); auth.setDetails(details); return auth; diff --git a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ClientsControllerTest.java b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ClientsControllerTest.java index f8edafa1a9a..006bfe9ad6f 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ClientsControllerTest.java +++ b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ClientsControllerTest.java 
@@ -61,8 +61,7 @@ public static void removeDBUnitData() throws Exception { @Override protected Authentication getAuthentication() { - OrcidProfileUserDetails details = new OrcidProfileUserDetails("5555-5555-5555-5558", "5555-5555-5555-5558@user.com", - "e9adO9I4UpBwqI5tGR+qDodvAZ7mlcISn+T+kyqXPf2Z6PPevg7JijqYr6KGO8VOskOYqVOEK2FEDwebxWKGDrV/TQ9gRfKWZlzxssxsOnA="); + OrcidProfileUserDetails details = new OrcidProfileUserDetails("5555-5555-5555-5558", "e9adO9I4UpBwqI5tGR+qDodvAZ7mlcISn+T+kyqXPf2Z6PPevg7JijqYr6KGO8VOskOYqVOEK2FEDwebxWKGDrV/TQ9gRfKWZlzxssxsOnA="); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("5555-5555-5555-5558", null, Arrays.asList(OrcidWebRole.ROLE_PREMIUM_INSTITUTION)); diff --git a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/FundingsControllerTest.java b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/FundingsControllerTest.java index 711dd988f02..dfb48c60831 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/FundingsControllerTest.java +++ b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/FundingsControllerTest.java @@ -91,7 +91,7 @@ protected Authentication getAuthentication() { Email e = emailManagerReadOnly.findPrimaryEmail(orcid); List roles = Arrays.asList(OrcidWebRole.ROLE_USER); OrcidProfileUserDetails details = new OrcidProfileUserDetails(orcid, - e.getEmail(), null, roles); + null, roles); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(orcid, p.getPassword(), roles); auth.setDetails(details); return auth; diff --git a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/GetMyDataControllerTest.java b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/GetMyDataControllerTest.java index 1a008b43069..6d69ea0889c 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/GetMyDataControllerTest.java 
+++ b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/GetMyDataControllerTest.java @@ -475,7 +475,7 @@ private void validateOrg(OrganizationHolder oh) { private Authentication getAuthentication() { List roles = Arrays.asList(OrcidWebRole.ROLE_USER); - OrcidProfileUserDetails details = new OrcidProfileUserDetails(ORCID, "user_1@test.orcid.org", null, roles); + OrcidProfileUserDetails details = new OrcidProfileUserDetails(ORCID, null, roles); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(ORCID, null, roles); auth.setDetails(details); return auth; diff --git a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ManageMembersControllerTest.java b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ManageMembersControllerTest.java index 77b4ce21812..5ac40271d15 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ManageMembersControllerTest.java +++ b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ManageMembersControllerTest.java @@ -128,7 +128,7 @@ public static void afterClass() throws Exception { protected Authentication getAuthentication() { String orcid = "4444-4444-4444-4440"; OrcidProfileUserDetails details = new OrcidProfileUserDetails(orcid, - "admin@user.com", null, Arrays.asList(OrcidWebRole.ROLE_ADMIN)); + null, Arrays.asList(OrcidWebRole.ROLE_ADMIN)); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(orcid, "password", Arrays.asList(OrcidWebRole.ROLE_ADMIN)); auth.setDetails(details); return auth; diff --git a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ManageProfileControllerTest.java b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ManageProfileControllerTest.java index a89a4fa8d3a..bf9c3a7dba1 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ManageProfileControllerTest.java +++ b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/ManageProfileControllerTest.java 
@@ -1119,7 +1119,7 @@ public void testEditEmail_primaryEmailChange() { protected Authentication getAuthentication(String orcid) { List roles = Arrays.asList(OrcidWebRole.ROLE_USER); - OrcidProfileUserDetails details = new OrcidProfileUserDetails(orcid, "user_1@test.orcid.org", null, roles); + OrcidProfileUserDetails details = new OrcidProfileUserDetails(orcid, null, roles); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(orcid, null, roles); auth.setDetails(details); return auth; diff --git a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/OrgControllerTest.java b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/OrgControllerTest.java index 28580a10d50..95f2f2562ed 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/OrgControllerTest.java +++ b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/OrgControllerTest.java @@ -62,7 +62,7 @@ protected Authentication getAuthentication() { Email e = emailManagerReadOnly.findPrimaryEmail(orcid); List roles = Arrays.asList(OrcidWebRole.ROLE_USER); OrcidProfileUserDetails details = new OrcidProfileUserDetails(orcid, - e.getEmail(), null, roles); + null, roles); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(orcid, p.getPassword(), roles); auth.setDetails(details); return auth; diff --git a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/RegistrationControllerTest.java b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/RegistrationControllerTest.java index 568c3c4c009..bf0ae30210e 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/web/controllers/RegistrationControllerTest.java +++ b/orcid-web/src/test/java/org/orcid/frontend/web/controllers/RegistrationControllerTest.java 
@@ -163,7 +163,7 @@ public ProfileEntity answer(InvocationOnMock invocation) throws Throwable { when(orcidUserDetailsServiceMock.loadUserByProfile(Mockito.any(ProfileEntity.class))).thenAnswer(new Answer() { @Override public OrcidProfileUserDetails answer(InvocationOnMock invocation) throws Throwable { - return new OrcidProfileUserDetails("0000-0000-0000-0000", "user_1@test.orcid.org", "pwd"); + return new OrcidProfileUserDetails("0000-0000-0000-0000", "pwd"); } }); @@ -171,7 +171,7 @@ public OrcidProfileUserDetails answer(InvocationOnMock invocation) throws Throwa @Override public UsernamePasswordAuthenticationToken answer(InvocationOnMock invocation) throws Throwable { UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("0000-0000-0000-0000", "pwd", Arrays.asList(OrcidWebRole.ROLE_USER)); - auth.setDetails(new OrcidProfileUserDetails("0000-0000-0000-0000", "user_1@test.orcid.org", "pwd")); + auth.setDetails(new OrcidProfileUserDetails("0000-0000-0000-0000", "pwd")); return auth; } }); diff --git a/orcid-web/src/test/java/org/orcid/frontend/web/filter/OAuthAuthorizeNotSignedInFilterTest.java b/orcid-web/src/test/java/org/orcid/frontend/web/filter/OAuthAuthorizeNotSignedInFilterTest.java index f9a8371612f..ac008d996be 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/web/filter/OAuthAuthorizeNotSignedInFilterTest.java +++ b/orcid-web/src/test/java/org/orcid/frontend/web/filter/OAuthAuthorizeNotSignedInFilterTest.java 
@@ -121,7 +121,7 @@ public void hasOrcidProfileUserDetails() throws IOException, ServletException { when(request.getRequestURI()).thenReturn("http://test.com/oauth/authorize"); when(request.getQueryString()).thenReturn("test_param=param"); when(request.getSession()).thenReturn(session); - when(usernamePasswordAuthenticationToken.getDetails()).thenReturn(new OrcidProfileUserDetails()); + when(usernamePasswordAuthenticationToken.getDetails()).thenReturn(new OrcidProfileUserDetails("", null)); when(request.getSession(false)).thenReturn(session); when(session.getAttribute("SPRING_SECURITY_CONTEXT")).thenReturn(context); when(context.getAuthentication()).thenReturn(usernamePasswordAuthenticationToken); diff --git a/orcid-web/src/test/java/org/orcid/frontend/web/util/BaseControllerTest.java b/orcid-web/src/test/java/org/orcid/frontend/web/util/BaseControllerTest.java index 07671d608e3..b815c928e1e 100644 --- a/orcid-web/src/test/java/org/orcid/frontend/web/util/BaseControllerTest.java +++ b/orcid-web/src/test/java/org/orcid/frontend/web/util/BaseControllerTest.java @@ -65,7 +65,7 @@ protected Authentication getAuthentication(String orcid) { Email e = emailManagerReadOnly.findPrimaryEmail(orcid); List roles = Arrays.asList(OrcidWebRole.ROLE_USER); OrcidProfileUserDetails details = new OrcidProfileUserDetails(orcid, - e.getEmail(), null, roles); + null, roles); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(orcid, p.getPassword(), roles); auth.setDetails(details); return auth; From 96183519509ed55f0c5dfb6588b4cc77abd0d043 Mon Sep 17 00:00:00 2001 
From: amontenegro Date: Tue, 15 Oct 2024 17:41:30 -0600 Subject: [PATCH 15/18] Adding attributes to the auth code table and more --- .../core/common/util/AuthenticationUtils.java | 26 +++++++++++++++++++ .../core/manager/impl/SourceManagerImpl.java | 20 ++++---------- .../manager/v3/impl/SourceManagerImpl.java | 22 +++++----------- ...uthoriziation_code_detail_improvements.xml | 15 +++++++++-- .../configuration/SessionCacheConfig.java | 24 ++++++++++++++--- .../session/OrcidRedisSessionRepository.java | 12 --------- 6 files changed, 70 insertions(+), 49 deletions(-) create mode 100644 orcid-core/src/main/java/org/orcid/core/common/util/AuthenticationUtils.java delete mode 100644 orcid-web/src/main/java/org/orcid/frontend/spring/session/OrcidRedisSessionRepository.java diff --git a/orcid-core/src/main/java/org/orcid/core/common/util/AuthenticationUtils.java b/orcid-core/src/main/java/org/orcid/core/common/util/AuthenticationUtils.java new file mode 100644 index 00000000000..b86d78dc31d --- /dev/null +++ b/orcid-core/src/main/java/org/orcid/core/common/util/AuthenticationUtils.java 
@@ -0,0 +1,26 @@ +package org.orcid.core.common.util; + +import org.apache.commons.lang3.StringUtils; +import org.orcid.core.oauth.OrcidProfileUserDetails; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; + +public class AuthenticationUtils { + + public static String retrieveEffectiveOrcid() { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + if (authentication.getDetails() != null) { + if(OrcidProfileUserDetails.class.isAssignableFrom(authentication.getDetails().getClass())) { + return ((OrcidProfileUserDetails) authentication.getDetails()).getOrcid(); + } else { + // From the authorization server we will get the effective user from authentication.getName() + String orcid = authentication.getName(); + if(StringUtils.isNotBlank(orcid)) { + return orcid; + } + } + } + return null; + } + +} diff --git a/orcid-core/src/main/java/org/orcid/core/manager/impl/SourceManagerImpl.java b/orcid-core/src/main/java/org/orcid/core/manager/impl/SourceManagerImpl.java index a2c2a194249..9c85ca7e32a 100644 --- a/orcid-core/src/main/java/org/orcid/core/manager/impl/SourceManagerImpl.java +++ b/orcid-core/src/main/java/org/orcid/core/manager/impl/SourceManagerImpl.java @@ -4,6 +4,7 @@ import javax.annotation.Resource; +import org.orcid.core.common.util.AuthenticationUtils; import org.orcid.core.manager.ClientDetailsManager; import org.orcid.core.manager.SourceManager; import org.orcid.core.manager.SourceNameCacheManager; @@ -50,7 +51,7 @@ public String retrieveSourceOrcid() { return authorizationRequest.getClientId(); } // Normal web user - return retrieveEffectiveOrcid(authentication); + return AuthenticationUtils.retrieveEffectiveOrcid(); } @Override 
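Review bot: In the new `AuthenticationUtils.retrieveEffectiveOrcid()`, the fallback returns `authentication.getName()` for every authentication whose details are not an `OrcidProfileUserDetails`, where the removed private helpers in both `SourceManagerImpl` classes returned null. Callers such as `retrieveSourceEntity()` treat null as "Must be system role", so any other token type with non-null details that reaches these managers would now have its name used as a source id; restricting the fallback to the expected token type and checking `authentication.isAuthenticated()` would keep the old meaning. `SecurityContextHolder.getContext().getAuthentication()` can also be null and is dereferenced without a guard, so the method should start with `if (authentication == null) return null;`. A Javadoc stating when null is returned would help, since `isInDelegationMode()` in both managers calls `.equals` on the result directly.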
@@ -73,7 +74,7 @@ public SourceEntity retrieveSourceEntity() { return sourceEntity; } - String userOrcid = retrieveEffectiveOrcid(authentication); + String userOrcid = AuthenticationUtils.retrieveEffectiveOrcid(); if(userOrcid == null){ // Must be system role return null; @@ -86,17 +87,6 @@ public SourceEntity retrieveSourceEntity() { return sourceEntity; } - private String retrieveEffectiveOrcid(Authentication authentication) { - if (authentication.getDetails() != null && OrcidProfileUserDetails.class.isAssignableFrom(authentication.getDetails().getClass())) { - return ((OrcidProfileUserDetails) authentication.getDetails()).getOrcid(); - } - return null; - } - - private String retrieveEffectiveOrcid() { - return retrieveEffectiveOrcid(SecurityContextHolder.getContext().getAuthentication()); - } - @Override public boolean isInDelegationMode() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); @@ -104,7 +94,7 @@ public boolean isInDelegationMode() { if (realUserOrcid == null) { return false; } - return !retrieveEffectiveOrcid().equals(realUserOrcid); + return !AuthenticationUtils.retrieveEffectiveOrcid().equals(realUserOrcid); } @Override @@ -124,7 +114,7 @@ public String retrieveRealUserOrcid() { return realUserIfInDelegationMode; } // Normal web user - return retrieveEffectiveOrcid(authentication); + return AuthenticationUtils.retrieveEffectiveOrcid(); } private String getRealUserIfInDelegationMode(Authentication authentication) { diff --git a/orcid-core/src/main/java/org/orcid/core/manager/v3/impl/SourceManagerImpl.java b/orcid-core/src/main/java/org/orcid/core/manager/v3/impl/SourceManagerImpl.java index 00982b8ce83..16d58075003 100644 --- a/orcid-core/src/main/java/org/orcid/core/manager/v3/impl/SourceManagerImpl.java +++ b/orcid-core/src/main/java/org/orcid/core/manager/v3/impl/SourceManagerImpl.java 
@@ -5,6 +5,7 @@ import javax.annotation.Resource; import org.apache.commons.lang3.StringUtils; +import org.orcid.core.common.util.AuthenticationUtils; import org.orcid.core.manager.ClientDetailsManager; import org.orcid.core.manager.SourceNameCacheManager; import org.orcid.core.manager.v3.SourceManager; @@ -68,7 +69,7 @@ public String retrieveActiveSourceId() { return authorizationRequest.getClientId(); } // Normal web user - return retrieveEffectiveOrcid(authentication); + return AuthenticationUtils.retrieveEffectiveOrcid(); } /** This should be used by managers that need active Source information, including OBO. @@ -106,7 +107,7 @@ public Source retrieveActiveSource() { } return source; } - String userOrcid = retrieveEffectiveOrcid(authentication); + String userOrcid = AuthenticationUtils.retrieveEffectiveOrcid(); if(userOrcid == null){ // Must be system role return null; @@ -137,7 +138,7 @@ public SourceEntity retrieveActiveSourceEntity() { sourceEntity.setSourceClient(new ClientDetailsEntity(clientId, clientDetails.getClientName())); return sourceEntity; } - String userOrcid = retrieveEffectiveOrcid(authentication); + String userOrcid = AuthenticationUtils.retrieveEffectiveOrcid(); if(userOrcid == null){ // Must be system role return null; @@ -150,17 +151,6 @@ public SourceEntity retrieveActiveSourceEntity() { return sourceEntity; } - private String retrieveEffectiveOrcid(Authentication authentication) { - if (authentication.getDetails() != null && OrcidProfileUserDetails.class.isAssignableFrom(authentication.getDetails().getClass())) { - return ((OrcidProfileUserDetails) authentication.getDetails()).getOrcid(); - } - return null; - } - - private String retrieveEffectiveOrcid() { - return retrieveEffectiveOrcid(SecurityContextHolder.getContext().getAuthentication()); - } - @Override public boolean isInDelegationMode() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); 
@@ -168,7 +158,7 @@ public boolean isInDelegationMode() { if (realUserOrcid == null) { return false; } - return !retrieveEffectiveOrcid().equals(realUserOrcid); + return !AuthenticationUtils.retrieveEffectiveOrcid().equals(realUserOrcid); } @Override @@ -188,7 +178,7 @@ public String retrieveRealUserOrcid() { return realUserIfInDelegationMode; } // Normal web user - return retrieveEffectiveOrcid(authentication); + return AuthenticationUtils.retrieveEffectiveOrcid(); } private String getRealUserIfInDelegationMode(Authentication authentication) { diff --git a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml index 08e30b962da..9a470dcd3e8 100644 --- a/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml +++ b/orcid-persistence/src/main/resources/db/updates/oauth2_authoriziation_code_detail_improvements.xml @@ -46,7 +46,7 @@ - + @@ -57,7 +57,7 @@ - + @@ -68,4 +68,15 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/SessionCacheConfig.java b/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/SessionCacheConfig.java index ef9a1020282..5519909e0ca 100644 --- a/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/SessionCacheConfig.java +++ b/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/SessionCacheConfig.java 
@@ -1,16 +1,21 @@
 package org.orcid.frontend.spring.configuration;
+import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
 import org.springframework.data.redis.connection.jedis.JedisClientConfiguration;
 import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
+import org.springframework.data.redis.core.RedisOperations;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+import org.springframework.session.FlushMode;
+import org.springframework.session.SaveMode;
+import org.springframework.session.data.redis.RedisSessionRepository;
 import org.springframework.session.data.redis.config.ConfigureRedisAction;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
 import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;
-import redis.clients.jedis.DefaultJedisClientConfig;
-import redis.clients.jedis.JedisClientConfig;
 import java.time.Duration;
@@ -18,6 +23,13 @@
 @EnableRedisHttpSession
 public class SessionCacheConfig extends AbstractHttpSessionApplicationInitializer {
+ @Value("${org.orcid.core.utils.cache.redis.pool.idle.max:30}")
+ private int poolIdleMax;
+ @Value("${org.orcid.core.utils.cache.redis.pool.max:300}")
+ private int poolMax;
+ @Value("${org.orcid.core.utils.cache.redis.pool.wait.millis:2000}")
+ private int poolWaitMillis;
+
 @Value("${org.orcid.core.utils.cache.redis.host}")
 private String host;
 @Value("${org.orcid.core.utils.cache.redis.port}")
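Review bot: Six of the imports added in the first hunk (`RedisOperations`, `RedisTemplate`, `StringRedisSerializer`, `FlushMode`, `SaveMode`, `RedisSessionRepository`) are not referenced by any line this patch adds to `SessionCacheConfig`; of the new imports only `GenericObjectPoolConfig` is used. Unless code outside the hunks needs them, they should be removed, so that the session configuration does not suggest a custom repository or serializer that is not actually wired in.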
@@ -27,7 +39,6 @@ public class SessionCacheConfig extends AbstractHttpSessionApplicationInitialize
 @Value("${org.orcid.core.utils.cache.redis.connection_timeout_millis:10000}")
 private int connectionTimeoutMillis;
-
 @Bean
 public JedisConnectionFactory connectionFactory() {
 Duration timeoutDuration = Duration.ofMillis(connectionTimeoutMillis);
@@ -37,8 +48,13 @@ public JedisConnectionFactory connectionFactory() {
 redisStandaloneConfiguration.setPort(port);
 redisStandaloneConfiguration.setPassword(password);
+ GenericObjectPoolConfig poolConfig = new GenericObjectPoolConfig();
+ poolConfig.setMaxIdle(this.poolIdleMax);
+ poolConfig.setMaxTotal(this.poolMax);
+ poolConfig.setMaxWaitMillis(this.poolWaitMillis);
+
 JedisClientConfiguration.JedisClientConfigurationBuilder jedisClientConfigurationBuilder = JedisClientConfiguration.builder();
- jedisClientConfigurationBuilder.useSsl().and().connectTimeout(timeoutDuration).build();
+ jedisClientConfigurationBuilder.useSsl().and().connectTimeout(timeoutDuration).usePooling().poolConfig(poolConfig).build();
 return new JedisConnectionFactory(redisStandaloneConfiguration, jedisClientConfigurationBuilder.build());
 }
diff --git a/orcid-web/src/main/java/org/orcid/frontend/spring/session/OrcidRedisSessionRepository.java b/orcid-web/src/main/java/org/orcid/frontend/spring/session/OrcidRedisSessionRepository.java
deleted file mode 100644
index 3db4949d031..00000000000
--- a/orcid-web/src/main/java/org/orcid/frontend/spring/session/OrcidRedisSessionRepository.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.orcid.frontend.spring.session;
-
-import org.springframework.data.redis.core.RedisOperations;
-import org.springframework.session.data.redis.RedisSessionRepository;
-
-public class OrcidRedisSessionRepository extends RedisSessionRepository {
-
- public OrcidRedisSessionRepository(RedisOperations sessionRedisOperations) {
- super(sessionRedisOperations);
- }
-
-}
From b4ce759908c47b094f1b676f9ba5c9b43631b98e Mon Sep 17 00:00:00 2001
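Review bot: In the `connectionFactory()` hunk, the changed builder line still ends in `.build()` whose result is discarded, and the `return` statement calls `jedisClientConfigurationBuilder.build()` a second time; TLS and pooling reach the factory only because the chained calls mutate the same builder. Ending the statement at `.usePooling().poolConfig(poolConfig);` makes that dependence explicit and removes the unused object. The new pool limits also turn Redis saturation into a request failure once `poolWaitMillis` elapses, which deserves a comment beside the `poolConfig` setup, for example `// borrow fails after poolWaitMillis when all poolMax connections are busy; size against the Redis client limit`. The method begins above the hunk.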
From: amontenegro
Date: Mon, 28 Oct 2024 11:48:58 -0600
Subject: [PATCH 16/18] Remove state column
---
 .../orcid/persistence/jpa/entities/OrcidOauth2TokenDetail.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/orcid-persistence/src/main/java/org/orcid/persistence/jpa/entities/OrcidOauth2TokenDetail.java b/orcid-persistence/src/main/java/org/orcid/persistence/jpa/entities/OrcidOauth2TokenDetail.java
index a3d008574f8..98b04f3afb1 100644
--- a/orcid-persistence/src/main/java/org/orcid/persistence/jpa/entities/OrcidOauth2TokenDetail.java
+++ b/orcid-persistence/src/main/java/org/orcid/persistence/jpa/entities/OrcidOauth2TokenDetail.java
@@ -139,7 +139,7 @@ public void setResponseType(String responseType) {
 this.responseType = responseType;
 }
- @Column(name = "state", length = 40)
+
 public String getState() {
 return state;
 }
From 3d522133036c92167332b1be49570024d997e276 Mon Sep 17 00:00:00 2001
From: amontenegro
Date: Tue, 29 Oct 2024 15:20:23 -0600
Subject: [PATCH 17/18] Add mixin for string array
---
 .../configuration/OrcidBeanClassLoaderAware.java | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/OrcidBeanClassLoaderAware.java b/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/OrcidBeanClassLoaderAware.java
index 4416b66085c..0c6d7a4a81b 100644
--- a/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/OrcidBeanClassLoaderAware.java
+++ b/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/OrcidBeanClassLoaderAware.java
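Review bot: Deleting `@Column(name = "state", length = 40)` above `getState()` in OrcidOauth2TokenDetail probably does not stop JPA from mapping the property. The annotation sat on the getter, which suggests property access, and under property access an unannotated getter is still a persistent basic attribute whose column name defaults to the property name. If the `state` column is being dropped from the table, the blank line the patch adds should instead be `@Transient` (with its import, which is outside the hunk), or the property should be removed; otherwise reads and writes of token details will still reference `state`. The entity's access type and the matching setter are outside the hunk and need to be checked.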
@@ -1,11 +1,14 @@
 package org.orcid.frontend.spring.configuration;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.springframework.beans.factory.BeanClassLoaderAware;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
 import org.springframework.data.redis.serializer.RedisSerializer;
+import org.springframework.security.jackson2.CoreJackson2Module;
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 @Configuration
@@ -25,6 +28,8 @@ public RedisSerializer springSessionDefaultRedisSerializer() {
 private ObjectMapper objectMapper() {
 ObjectMapper mapper = new ObjectMapper();
 mapper.registerModules(SecurityJackson2Modules.getModules(this.loader));
+ mapper.registerModules(new CoreJackson2Module());
+ mapper.addMixIn(String[].class, StringArrayMixin.class);
 return mapper;
 }
@@ -32,4 +37,13 @@ private ObjectMapper objectMapper() {
 public void setBeanClassLoader(ClassLoader classLoader) {
 this.loader = classLoader;
 }
+
+ @JsonTypeInfo(
+ use = JsonTypeInfo.Id.CLASS
+ )
+ abstract class StringArrayMixin {
+ @JsonCreator
+ StringArrayMixin(String[] array) {
+ }
+ }
 }
From 1eb2a9c2af9339007dc8f9d3b7c36b9e3b0df445 Mon Sep 17 00:00:00 2001
From: amontenegro
Date: Tue, 29 Oct 2024 16:06:19 -0600
Subject: [PATCH 18/18] We should not store notificaitons information in the Session
---
 .../controllers/NotificationController.java | 33 +++++++------------
 .../web/controllers/helper/UserSession.java | 31 -----------------
 .../resources/orcid-frontend-web-servlet.xml | 6 +---
 3 files changed, 12 insertions(+), 58 deletions(-)
 delete mode 100644 orcid-web/src/main/java/org/orcid/frontend/web/controllers/helper/UserSession.java
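Review bot: `mapper.registerModules(new CoreJackson2Module())` in `objectMapper()` looks redundant, because the line above already registers everything `SecurityJackson2Modules.getModules(this.loader)` returns and, as far as I know, that list includes the core module; confirm against the Spring Security version in use and drop the line if so. The `addMixIn(String[].class, StringArrayMixin.class)` call is the one with security weight, since having a mixin is what lets `String[]` through the type allowlist the security modules apply during deserialization. A comment should say so, for example `// admits String[] for typed session deserialization; add mixins only for types the session really stores`.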
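Review bot: `StringArrayMixin` in the last hunk of OrcidBeanClassLoaderAware is declared as a non-static inner class, so it is tied to an instance of the enclosing configuration class and its `@JsonCreator` constructor implicitly takes that instance as a hidden first parameter. A mixin only lends its annotations, so `private abstract static class StringArrayMixin {` is the safer declaration. Because `JsonTypeInfo.Id.CLASS` lets the stored JSON name the class to instantiate, the class also deserves a short Javadoc stating that it exists only to permit `String[]` values in Redis-backed session attributes and that the allowlist installed by the security modules remains the guard.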
diff --git a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/NotificationController.java b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/NotificationController.java
index 13fa7af4b51..d67e37f2fce 100644
--- a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/NotificationController.java
+++ b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/NotificationController.java
@@ -10,6 +10,8 @@
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang3.StringUtils;
+import org.ehcache.UserManagedCache;
+import org.ehcache.config.builders.UserManagedCacheBuilder;
 import org.orcid.core.common.manager.EmailFrequencyManager;
 import org.orcid.core.manager.ClientDetailsEntityCacheManager;
 import org.orcid.core.manager.EncryptionManager;
@@ -18,7 +20,6 @@
 import org.orcid.core.manager.v3.NotificationManager;
 import org.orcid.core.manager.v3.read_only.EmailManagerReadOnly;
 import org.orcid.core.oauth.OrcidProfileUserDetails;
-import org.orcid.frontend.web.controllers.helper.UserSession;
 import org.orcid.jaxb.model.v3.release.common.Source;
 import org.orcid.jaxb.model.v3.release.common.SourceClientId;
 import org.orcid.jaxb.model.v3.release.notification.Notification;
@@ -55,9 +56,6 @@ public class NotificationController extends BaseController {
 @Resource
 private ClientDetailsEntityCacheManager clientDetailsEntityCacheManager;
- @Resource
- private UserSession userSession;
-
 @Resource
 private PreferenceManager preferenceManager;
@@ -75,6 +73,13 @@ public ModelAndView getNotifications() {
 return new ModelAndView("notifications");
 }
+ UserManagedCache isObsoleteNotificationAlertsCheckDone =
+ UserManagedCacheBuilder.newUserManagedCacheBuilder(String.class, Boolean.class).build(true);
+
+ public void shutdown() {
+ isObsoleteNotificationAlertsCheckDone.close();
+ }
+
 @RequestMapping("/notifications.json")
 public @ResponseBody List getNotificationsJson(@RequestParam(value = "firstResult", defaultValue = "0") int firstResult,
 @RequestParam(value = "maxResults", defaultValue = "10") int maxResults,
@@ -88,20 +93,10 @@ public ModelAndView getNotifications() {
 return notifications;
 }
- @RequestMapping("/notification-alerts.json")
- public @ResponseBody List getNotificationAlertJson() {
- String currentOrcid = getCurrentUserOrcid();
- List notifications = notificationManager.findNotificationAlertsByOrcid(currentOrcid);
- notifications = archiveObsoleteNotifications(currentOrcid, notifications);
- notifications = notifications.stream().filter(n -> !userSession.getSuppressedNotificationAlertIds().contains(n.getPutCode())).collect(Collectors.toList());
- addSubjectToNotifications(notifications);
- return notifications;
- }
-
 private List archiveObsoleteNotifications(String currentOrcid, List notifications) {
- if (!userSession.isObsoleteNotificationAlertsCheckDone()) {
+ if (!isObsoleteNotificationAlertsCheckDone.containsKey(currentOrcid)) {
 notifications = notificationManager.filterActionedNotificationAlerts(notifications, currentOrcid);
- userSession.setObsoleteNotificationAlertsCheckDone(true);
+ isObsoleteNotificationAlertsCheckDone.putIfAbsent(currentOrcid, Boolean.TRUE);
 }
 return notifications;
 }
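Review bot: The `isObsoleteNotificationAlertsCheckDone` cache added after `getNotifications()` is built with no expiry or size limit in this hunk, so it appears to gain one entry per ORCID iD that reaches `archiveObsoleteNotifications` and to keep it for the life of the process; the builder should be given an explicit expiry policy and a heap bound. `shutdown()` is public but carries no lifecycle annotation, so unless it is wired up in configuration outside this patch nothing closes the cache; annotating it with `@PreDestroy` would tie it to the bean's lifecycle. The field is also package-private and reassignable, and would be better declared `private final`.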
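Review bot: In `archiveObsoleteNotifications`, the guard moves from a per-session flag to a cache keyed by `currentOrcid`, which changes when `filterActionedNotificationAlerts` runs: assuming the controller is a singleton, it now runs once per ORCID iD per application node until restart, instead of once per login session. If re-checking after each sign-in is still wanted, the entry needs a lifetime comparable to a session, and a comment such as `// per-node, not per-session: the check is skipped for this ORCID iD until the entry expires` would record the new behaviour. The only caller of `archiveObsoleteNotifications` visible in this patch is the removed `getNotificationAlertJson()`, so it is worth confirming that the method and its cache are still reachable.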
@@ -197,12 +192,6 @@ public ModelAndView executeAction(@PathVariable("encryptedId") String encryptedI
 notificationManager.setActionedAndReadDate(notificationOrcid, id);
 return new ModelAndView("redirect:" + redirectUrl);
 }
-
- @RequestMapping(value = "{id}/suppressAlert.json")
- public @ResponseBody void suppressAlert(HttpServletResponse response, @PathVariable("id") String id) {
- userSession.getSuppressedNotificationAlertIds().add(Long.valueOf(id));
- response.addHeader("X-Robots-Tag", "noindex");
- }
 @RequestMapping(value = "/frequencies/view", method = RequestMethod.GET)
 public @ResponseBody Map getNotificationFrequencies() {
diff --git a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/helper/UserSession.java b/orcid-web/src/main/java/org/orcid/frontend/web/controllers/helper/UserSession.java
deleted file mode 100644
index 036f9b46144..00000000000
--- a/orcid-web/src/main/java/org/orcid/frontend/web/controllers/helper/UserSession.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package org.orcid.frontend.web.controllers.helper;
-
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- *
- * @author Will Simpson
- *
- */
-public class UserSession {
-
- private Set suppressedNotificationAlertIds;
- private boolean obsoleteNotificationAlertsCheckDone;
-
- public Set getSuppressedNotificationAlertIds() {
- if (suppressedNotificationAlertIds == null) {
- suppressedNotificationAlertIds = new HashSet<>();
- }
- return suppressedNotificationAlertIds;
- }
-
- public boolean isObsoleteNotificationAlertsCheckDone() {
- return obsoleteNotificationAlertsCheckDone;
- }
-
- public void setObsoleteNotificationAlertsCheckDone(boolean obsoleteNotificationAlertsCheckDone) {
- this.obsoleteNotificationAlertsCheckDone = obsoleteNotificationAlertsCheckDone;
- }
-
-}
diff --git a/orcid-web/src/main/resources/orcid-frontend-web-servlet.xml b/orcid-web/src/main/resources/orcid-frontend-web-servlet.xml
index 7f741b825ae..0bc9bdc2ff3 100644
--- a/orcid-web/src/main/resources/orcid-frontend-web-servlet.xml
+++ b/orcid-web/src/main/resources/orcid-frontend-web-servlet.xml
@@ -79,11 +79,7 @@ - - - - - +