Merge pull request #180 from onc-healthit/develop
Merge from Develop to Master for release 3.1.71
Showing
12 changed files
with
368 additions
and
77 deletions.
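--- /dev/null
+++ b/src/main/java/org/sitenv/referenceccda/configuration/KeycloakTokenValidationClient.java
@@ -0,0 +1,82 @@
+package org.sitenv.referenceccda.configuration;
+
+import okhttp3.*;
+import org.json.JSONObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+/**
+* KeycloakTokenValidationClient class used for validating token
+*/
+@Component("keycloakTokenValidationClient")
+public class KeycloakTokenValidationClient {
+
+/** The LOGGERGER */
+private static final Logger LOGGER = LoggerFactory.getLogger(KeycloakTokenValidationClient.class);
+private static final String APPLICATION_URL_FORM_ENCODED = "application/x-www-form-urlencoded";
+
+/**
+*
+* @param request
+* @param authUrl : Auth base URL for keycloak
+* @param realm : keycloak realm for introspect
+* @param clientId : client id for authenticating token
+* @param clientSecret
+* @return
+*/
+public boolean validateToken(HttpServletRequest request, String authUrl, String realm, String clientId, String clientSecret) {
+
+LOGGER.info("Entry - validateToken Method in KeyCloakTokenValidationClient ");
+boolean validationResponse = false;
+final String authorizationHeaderValue = request.getHeader("Authorization");
+if (authorizationHeaderValue != null && authorizationHeaderValue.startsWith("Bearer"));
+String token = authorizationHeaderValue.substring(7, authorizationHeaderValue.length());
+
+String url = authUrl + "/realms/" + realm + "/protocol/openid-connect/token/introspect";
+LOGGER.info("KeyCloakTokenValidationClient URL = "+url );
+
+OkHttpClient client = new OkHttpClient().newBuilder().hostnameVerifier(new HostnameVerifier()
+{
+@Override
+public boolean verify(String hostname, SSLSession session)
+{
+return true;
+}
+}).build();
+
+MediaType mediaType = MediaType.parse(APPLICATION_URL_FORM_ENCODED);
+
+RequestBody body = RequestBody.create(mediaType, "token="+token+"&client_id="+clientId+"&client_secret="+clientSecret);
+
+Request requestOne = new Request.Builder()
+.url(url)
+.method("POST", body)
+.addHeader("Content-Type", "application/x-www-form-urlencoded")
+.build();
+Response clientResponse;
+try {
+clientResponse = client.newCall(requestOne).execute();
+clientResponse.body();
+if (!clientResponse.isSuccessful()) {
+LOGGER.error("Failed to authenticate");
+}
+String response = clientResponse.body().string();
+JSONObject jsonObj = new JSONObject(response);
+validationResponse = (boolean) jsonObj.get("active");
+LOGGER.info("Access Token Validation Status ::::" + validationResponse);
+} catch (IOException e) {
+LOGGER.info("Exception - validateToken Method in KeyCloakTokenValidationClient",e);
+e.printStackTrace();
+}
+LOGGER.info("Exit - validateToken Method in KeyCloakTokenValidationClient ");
+return validationResponse;
+
+}
+
+}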
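Review bot: The stray semicolon on `if (authorizationHeaderValue != null && authorizationHeaderValue.startsWith("Bearer"));` turns the guard into a no-op, so `substring(7, ...)` runs unconditionally: a request with no Authorization header throws a NullPointerException out of the filter instead of producing a 401, and a header shorter than seven characters throws StringIndexOutOfBoundsException. Replace the two lines with `if (authorizationHeaderValue == null || !authorizationHeaderValue.startsWith("Bearer ")) { return false; }` followed by `String token = authorizationHeaderValue.substring(7);`. The anonymous `HostnameVerifier` that returns `true` disables hostname checking on the TLS connection that carries the client secret and the user's token to the introspection endpoint; if the Keycloak certificate does not match its hostname, the certificate or trust store should be fixed rather than the verifier. Separately, an unsuccessful response is only logged and its body is still parsed, so a non-JSON error body throws an uncaught JSONException; returning `false` inside that `if` and closing the `Response` with try-with-resources would keep every failure on the 401 path.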
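--- /dev/null
+++ b/src/main/java/org/sitenv/referenceccda/configuration/TokenFilter.java
@@ -0,0 +1,86 @@
+package org.sitenv.referenceccda.configuration;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+* Filter class for intercepting incoming request
+*/
+@Component
+@WebFilter(urlPatterns = "/*")
+public class TokenFilter implements Filter {
+
+/** The LOGGERGER */
+private static final Logger LOGGER = LoggerFactory.getLogger(TokenFilter.class);
+private String authUrl;
+private String realm;
+private String clientId;
+private String clientSecret;
+private String authEnabled;
+
+@Override
+public void init(FilterConfig filterConfig) throws ServletException {
+ServletContext servletContext = filterConfig.getServletContext();
+authEnabled = servletContext.getInitParameter("keycloak.enabled");
+authUrl = servletContext.getInitParameter("keycloak.auth.server");
+realm = servletContext.getInitParameter("keycloak.realm");
+clientId = servletContext.getInitParameter("keycloak.client.id");
+clientSecret = servletContext.getInitParameter("keycloak.client.secret");
+LOGGER.info("authEnabled"+authEnabled+"authUrl == "+authUrl +"\nrealm == "+realm+"\nclientId == "+clientId+"\nclientSecret == "+clientSecret);
+//System.out.println("authEnabled == "+authEnabled+"\nauthUrl == "+authUrl +"\nrealm == "+realm+"\nclientId == "+clientId+"\nclientSecret == "+clientSecret);
+}
+
+/**
+* (non-Javadoc) Details of the APIs and the request types that can be used with
+* this application
+*
+* @param req
+* @param res
+* @param chain
+*/
+@Override
+public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+throws IOException, ServletException {
+LOGGER.info("Entry - doFilter Method in TokenFilter ");
+HttpServletRequest request = (HttpServletRequest) req;
+HttpServletResponse response = (HttpServletResponse) res;
+
+String referrer = request.getHeader("Referer");
+String path = request.getRequestURL().toString();
+
+if (path.contains("/static/") || path.contains("/ui") || (referrer != null && referrer.contains("/referenceccdaservice/static/validationui.html") )) {
+chain.doFilter(request, response);
+LOGGER.info("Exit - doFilter Method in TokenFilter -- CCDA UI endpoint");
+}else if ("true".equals(authEnabled)) {
+KeycloakTokenValidationClient keyCloakTokenValidationClient = new KeycloakTokenValidationClient();
+boolean responseStatus = keyCloakTokenValidationClient.validateToken(request, authUrl, realm, clientId, clientSecret);
+LOGGER.info("RESPONSE STATUS :: " + responseStatus);
+if (responseStatus) {
+chain.doFilter(request, response);
+LOGGER.info("Exit - doFilter Method in TokenFilter ");
+} else {
+response.sendError(401, "UnAuthorized User");
+LOGGER.error("Error in doFilter TokenFilter - UnAuthorized User ");
+}
+} else {
+chain.doFilter(request, response);
+LOGGER.info("Exit - doFilter Method in TokenFilter -- Keycloak authentication not enabled");
+}
+}
+
+/**
+* Destroy method
+*/
+@Override
+public void destroy() {
+LOGGER.info("Entry - destroy Method in Web Filter ");
+}
+
+}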
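Review bot: The `LOGGER.info` line at the end of `init` writes `clientSecret` to the application log at INFO level, so the Keycloak client secret lands in log files and any log aggregation; log only the non-secret settings, e.g. `LOGGER.info("authEnabled={} authUrl={} realm={} clientId={}", authEnabled, authUrl, realm, clientId);`, and delete the commented-out `System.out.println` beneath it, which carries the same problem. In `doFilter`, the exemption `path.contains("/ui")` matches that substring anywhere in the full request URL, and the `Referer` clause relies on a client-supplied header, so neither reliably limits the bypass to the UI's static resources; comparing `request.getServletPath()` against the exact prefixes intended is safer, and the Referer value should not be used as an authorization decision at all. `new KeycloakTokenValidationClient()` on every request also sidesteps the Spring-managed `@Component` bean; injecting it as a field keeps one instance and makes it mockable in tests.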