Google Authenticaition support

2022-12-13 02:36:58 +00:00
parent d88e655eee
commit 2592d338bb
36 changed files with 943 additions and 97 deletions
--- a/wise-webapp/src/main/webapp/WEB-INF/app.properties
+++ b/wise-webapp/src/main/webapp/WEB-INF/app.properties
@@ -139,6 +139,17 @@ security.ldap.firstName.attribute=givenName
 # Coma separated list of domains and emails ban
 #accounts.exclusion.domain=

-
-
+# google will redirect to this url, this url must be configured in the google app
+#  {baseurl}/c/registration-google
+google.oauth2.callbackUrl=https://wisemapping.com/c/registration-google
+# google app client id
+google.oauth2.clientId=
+# google app client secret
+google.oauth2.clientSecret=
+# google service for finish registration process, ie. exchange temporal code for user token
+google.oauth2.confirmUrl=https://oauth2.googleapis.com/token
+# google service for get user data (name, email, etc)
+google.oauth2.userinfoUrl=https://www.googleapis.com/oauth2/v3/userinfo
+# url for starting auth process with google
+google.oauth2.url=https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=${google.oauth2.callbackUrl}&prompt=consent&response_type=code&client_id=${google.oauth2.clientId}&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&access_type=offline&state=wisemapping&include_granted_scopes=true

--- a/wise-webapp/src/main/webapp/WEB-INF/defs/definitions.xml
+++ b/wise-webapp/src/main/webapp/WEB-INF/defs/definitions.xml
@@ -8,6 +8,7 @@

    <definition name="login" template="/jsp/reactInclude.jsp"/>
    <definition name="registration" template="/jsp/reactInclude.jsp"/>
+    <definition name="registration-google" template="/jsp/reactInclude.jsp"/>
    <definition name="forgot-password" template="/jsp/reactInclude.jsp"/>
    <definition name="mindmapList" template="/jsp/reactInclude.jsp"/>

--- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security-db.xml
+++ b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security-db.xml
@@ -11,7 +11,8 @@
    <bean id="passwordEncoder" class="com.wisemapping.security.DefaultPasswordEncoderFactories" factory-method="createDelegatingPasswordEncoder"/>

    <sec:authentication-manager alias="authenticationManager">
-        <sec:authentication-provider ref="dbAuthenticationProvider"/>
+        <sec:authentication-provider ref="dbAuthenticationProvider" />
+        <sec:authentication-provider ref="googleAuthenticationProvider" />
        <sec:authentication-provider user-service-ref="userDetailsService"/>
    </sec:authentication-manager>

@@ -19,4 +20,7 @@
        <property name="userDetailsService" ref="userDetailsService"/>
        <property name="encoder" ref="passwordEncoder"/>
    </bean>
+    <bean id="googleAuthenticationProvider" class="com.wisemapping.security.GoogleAuthenticationProvider">
+        <property name="userDetailsService" ref="userDetailsService"/>
+    </bean>
 </beans>
--- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml
+++ b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml
@@ -3,12 +3,12 @@
 <beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
+	   xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security.xsd">

-    <bean id="custom-firewall" class="org.springframework.security.web.firewall.StrictHttpFirewall">
+	<bean id="custom-firewall" class="org.springframework.security.web.firewall.StrictHttpFirewall">
        <property name="allowSemicolon" value="true"/>
    </bean>

@@ -34,6 +34,9 @@

        <sec:intercept-url pattern="/service/users/" method="POST" access="permitAll"/>
        <sec:intercept-url pattern="/service/users/resetPassword" method="PUT" access="permitAll"/>
+        
+		<sec:intercept-url pattern="/service/oauth2/googlecallback" method="POST" access="permitAll"/>
+        <sec:intercept-url pattern="/service/oauth2/confirmaccountsync" method="PUT" access="permitAll"/>

        <sec:intercept-url pattern="/service/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
        <sec:intercept-url pattern="/service/admin/database/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
@@ -47,6 +50,7 @@
        <sec:intercept-url pattern="/c/login" access="permitAll"/>
        <sec:intercept-url pattern="/c/registration" access="hasRole('ANONYMOUS')"/>
        <sec:intercept-url pattern="/c/registration-success" access="hasRole('ANONYMOUS')"/>
+        <sec:intercept-url pattern="/c/registration-google" access="permitAll"/>
        <sec:intercept-url pattern="/c/forgot-password" access="hasRole('ANONYMOUS')"/>
        <sec:intercept-url pattern="/c/forgot-password-success" access="hasRole('ANONYMOUS')"/>

--- a/wise-webapp/src/main/webapp/WEB-INF/wisemapping-service.xml
+++ b/wise-webapp/src/main/webapp/WEB-INF/wisemapping-service.xml
@@ -18,12 +18,25 @@
        <property name="velocityEngineWrapper" ref="velocityEngineWrapper"/>
    </bean>

+	<bean id="httpInvoker" class="com.wisemapping.service.http.HttpInvoker">
+	</bean>
+
+    <bean id="googleService" class="com.wisemapping.service.google.GoogleService">
+		<property name="httpInvoker" ref="httpInvoker"/>
+        <property name="optinConfirmUrl" value="${google.oauth2.confirmUrl}"/>
+        <property name="accountBasicDataUrl" value="${google.oauth2.userinfoUrl}"/>
+        <property name="clientId" value="${google.oauth2.clientId}"/>
+        <property name="clientSecret" value="${google.oauth2.clientSecret}"/>
+        <property name="callbackUrl" value="${google.oauth2.callbackUrl}"/>
+	</bean>
+
    <bean id="userServiceTarget" class="com.wisemapping.service.UserServiceImpl">
        <property name="userManager" ref="userManager"/>
        <property name="mindmapService" ref="mindMapServiceTarget"/>
        <property name="notificationService" ref="notificationService"/>
        <property name="messageSource" ref="messageSource"/>
        <property name="velocityEngineWrapper" ref="velocityEngineWrapper"/>
+        <property name="googleService" ref="googleService"/>
    </bean>

    <bean id="userService" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
--- a/wise-webapp/src/main/webapp/jsp/reactInclude.jsp
+++ b/wise-webapp/src/main/webapp/jsp/reactInclude.jsp
@@ -19,7 +19,8 @@
            analyticsAccount: '${requestScope['google.analytics.account']}',
            clientType: 'rest',
            recaptcha2Enabled: ${requestScope['google.recaptcha2.enabled']},
-            recaptcha2SiteKey: '${requestScope['google.recaptcha2.siteKey']}'
+            recaptcha2SiteKey: '${requestScope['google.recaptcha2.siteKey']}',
+            googleOauth2Url: '${requestScope['google.oauth2.url']}'
        };

    </script>