Commit 2188f157 authored by Gradl, Tobias's avatar Gradl, Tobias

731: Finalize redirection to self service for incomplete accounts

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=731
parent ef08e868
......@@ -20,6 +20,7 @@ public interface User extends UserDetails, Identifiable {
public void setEndpointId(String localDomain);
public void setEndpointName(String defaultLocalDomain);
public boolean isHasAllAttributes();
public void setHasAllAttributes(boolean b);
public void setAuthorities(Collection<Role> roles);
public Collection<Role> getRoles();
......
......@@ -40,7 +40,6 @@ import eu.dariah.de.dariahsp.saml.web.metadata.MetadataValidator;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Array;
import java.security.KeyStoreException;
import java.util.*;
......
......@@ -15,7 +15,9 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
import eu.dariah.de.dariahsp.saml.model.SAMLUserImpl;
......@@ -27,6 +29,8 @@ public class CheckUserFilter extends GenericFilterBean implements InitializingBe
private String localRedirect;
private String hostedEntityId;
private boolean attributeAggregation;
private RequestCache requestCache;
public String getIncompleteAttributesRedirect() { return incompleteAttributesRedirect; }
public void setIncompleteAttributesRedirect(String incompleteAttributesRedirect) { this.incompleteAttributesRedirect = incompleteAttributesRedirect; }
......@@ -40,6 +44,9 @@ public class CheckUserFilter extends GenericFilterBean implements InitializingBe
public boolean isAttributeAggregation() { return attributeAggregation; }
public void setAttributeAggregation(boolean attributeAggregation) { this.attributeAggregation = attributeAggregation; }
public RequestCache getRequestCache() { return requestCache; }
public void setRequestCache(RequestCache requestCache) { this.requestCache = requestCache; }
@Override
public void afterPropertiesSet() throws ServletException {
......@@ -68,12 +75,21 @@ public class CheckUserFilter extends GenericFilterBean implements InitializingBe
SAMLUserImpl samlUser = (SAMLUserImpl)user;
if (!samlUser.isHasAllAttributes()) {
if(!httpRequest.getServletPath().equals("/logout") && !httpRequest.getServletPath().endsWith(localRedirect)) {
httpResponse.sendRedirect(localRedirect);
incompleteAttributesRedirect = incompleteAttributesRedirect.replace("{0}", URLEncoder.encode(this.getHostedEntityId(), "UTF-8"));
incompleteAttributesRedirect = incompleteAttributesRedirect.replace("{1}", URLEncoder.encode("/", "UTF-8"));
httpResponse.sendRedirect(ServletUriComponentsBuilder.fromServletMapping(httpRequest).build().toUriString() + localRedirect);
String redirect = incompleteAttributesRedirect.replace("{entityId}", URLEncoder.encode(this.getHostedEntityId(), "UTF-8"));
StringBuffer requestURL = httpRequest.getRequestURL();
if (httpRequest.getQueryString() != null) {
requestURL.append('?').append(httpRequest.getQueryString());
}
httpRequest.getSession().setAttribute(ATTRIBUTE_COMPLETION_REDIRECT_ATTR, incompleteAttributesRedirect);
redirect = redirect.replace("{returnUrl}", URLEncoder.encode(requestURL.toString(), "UTF-8"));
if (this.requestCache!=null) {
this.requestCache.saveRequest(httpRequest, httpResponse);
}
httpRequest.getSession().setAttribute(ATTRIBUTE_COMPLETION_REDIRECT_ATTR, redirect);
return;
}
}
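Review bot: `incompleteAttributesRedirect.replace(...)` and `URLEncoder.encode(this.getHostedEntityId(), "UTF-8")` dereference two properties without a null check, while the `checkUserFilter` bean definition further down this page defaults both to `#{null}` when they are not configured. Unless `afterPropertiesSet` (not visible here) rejects that configuration, an incomplete account would then hit a NullPointerException instead of being redirected. The redirect to `localRedirect` also appears to be sent before the session attribute is written and before `requestCache.saveRequest(...)`; doing the session work first and calling `sendRedirect` last avoids touching the session after the response is committed. The `{returnUrl}` value is built from `getRequestURL()` plus the raw query string, so it is client-influenced and the self-service endpoint should only honour return targets it recognises. The enclosing filter method starts and ends outside this hunk.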
......
package eu.dariah.de.dariahsp.sample.controller;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
......@@ -18,9 +23,10 @@ import eu.dariah.de.dariahsp.web.CheckUserFilter;
@Controller
@RequestMapping("/user")
public class UserProfileController {
public class UserController {
@Autowired private UserService userService;
@Autowired private RequestCache requestCache;
@RequestMapping(value="/", method=RequestMethod.GET)
public String showProfile(Model model) {
......@@ -39,14 +45,36 @@ public class UserProfileController {
}
@RequestMapping(value="/incompleteProfile", method=RequestMethod.GET)
public String completeProfile(HttpServletRequest request, Model model) {
public String completeProfile(HttpServletRequest request, HttpServletResponse response, Model model) throws IOException {
HttpSession session = request.getSession(false);
if (session != null) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
User user = null;
if (auth != null && auth.getDetails() instanceof User) {
user = (User)auth.getDetails();
if (user != null) {
model.addAttribute("user", userService.loadUserByUsername(user.getEndpointId(), user.getNameId()));
}
if (user.isHasAllAttributes()) {
return "redirect:/user/";
}
}
Object attr = session.getAttribute(CheckUserFilter.ATTRIBUTE_COMPLETION_REDIRECT_ATTR);
if (attr!=null) {
model.addAttribute("redirectUrl", attr.toString());
}
SavedRequest savedReq = requestCache.getRequest(request, response);
if (savedReq!=null) {
model.addAttribute("returnUrl", savedReq.getRedirectUrl());
requestCache.removeRequest(request, response);
} else {
model.addAttribute("returnUrl", request.getRequestURL());
}
}
return "user/incomplete_profile";
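Review bot: `requestCache.removeRequest(request, response)` drops the saved request the first time the page is rendered, so a reload of `/user/incompleteProfile` takes the `else` branch and reports the profile page's own URL as `returnUrl`. Consider keeping the saved request until the profile has actually been completed, or leaving `returnUrl` out of the model when nothing was saved. The `user.isHasAllAttributes()` call sits outside the `if (user != null)` guard and is safe only because `instanceof` already excludes null, so the inner guard can be dropped and both statements kept in one block. The flag is also read from the authentication details rather than from the user loaded via `userService.loadUserByUsername(...)`, which may be stale after registration; worth confirming. The method's closing lines are outside the visible hunk.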
......
......@@ -55,8 +55,10 @@ auth:
friendlyName: eduPersonPrincipalName
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
incompleteAttributesRedirect: "https://dariah.daasi.de/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl%3Fmode%3Dauthenticate%3Bshibboleth%3D1%3Bnextpage%3Dregistration%3Breturnurl%3D{1}&entityID={0}"
#incompleteAttributesRedirect: "https://auth.dariah.eu/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl%3Fmode%3Dauthenticate%3Bshibboleth%3D1%3Bnextpage%3Dregistration%3Breturnurl%3D{1}&entityID={0}"
# For now without parameters bc DARIAH Self Service is broken
incompleteAttributesRedirect: "https://dariah.daasi.de/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl"
#incompleteAttributesRedirect: "https://dariah.daasi.de/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl%3Fmode%3Dauthenticate%3Bshibboleth%3D1%3Bnextpage%3Dregistration%3Breturnurl%3D{returnUrl}&entityID={entityId}"
#incompleteAttributesRedirect: "https://auth.dariah.eu/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl%3Fmode%3Dauthenticate%3Bshibboleth%3D1%3Bnextpage%3Dregistration%3Breturnurl%3D{returnUrl}&entityID={entityId}"
requiredAttributes:
- stage: ATTRIBUTES
required: true
......
......@@ -48,10 +48,11 @@
</bean>
<bean id="checkUserFilter" class="eu.dariah.de.dariahsp.web.CheckUserFilter">
<property name="localRedirect" value="user/incompleteProfile" />
<property name="localRedirect" value="/user/incompleteProfile" />
<property name="incompleteAttributesRedirect" value="${auth.saml.sp.attributeQuery.incompleteAttributesRedirect:#{null}}" />
<property name="hostedEntityId" value="${auth.saml.sp.entityId:#{null}}" />
<property name="attributeAggregation" value="${auth.saml.sp.attributeQuery.enabled:false}" />
<property name="requestCache" ref="requestCache" />
</bean>
<!-- This probably needs to be changed to a persisting extension of BaseUserService -->
......
......@@ -29,7 +29,7 @@
<table>
<tr><th>Authenticated:&nbsp;</th><td>${_auth!=null && _auth.auth==true}</td></tr>
<c:if test="${_auth!=null && _auth.auth==true}">
<tr><th>Display name:&nbsp;</th><td>${_auth.displayName}</td></tr>
<tr><th>User:&nbsp;</th><td>${_auth.displayName}</td></tr>
</c:if>
</table>
</div>
......
......@@ -27,17 +27,23 @@
<div id="main-content">
<h2>Insufficient Information</h2>
<p>Your home organisation did not provide sufficient attributes to this service.
You will be redirected to the <a href="_self" target="${redirectUrl}">DARIAH central user registry</a> and complete your profile in order to use this service.</p>
In 10 seconds you will be redirected to the <a target="_self" href="${redirectUrl}">DARIAH central user registry</a> and complete your profile in order to use this service.</p>
<p>After Registration, you will be able to access your resources provided you are authorized.</p>
<h3>Actions</h3>
Either access the <strong><a target="_self" href="${redirectUrl}">DARIAH central user registry</a></strong> to complete your profile or<br />
<strong><a target="_self" href='<s:url value="/logout" />'>Logout</a></strong> to use this tool as unauthenticated user (if possible).
<h3>More Details</h3>
Home Organisation Name: <b>...</b><br/>
Home Organisation entityID: <b>...</b><br/>
You were trying to access the following URL: <b>...></b>
Home Organisation Name: <b>${user.endpointName}</b><br/>
Home Organisation entityID: <b>${user.endpointId}</b><br/>
You were trying to access the following URL: <b>${returnUrl}</b>
<script type="text/javascript">
<!--
setTimeout(function() { window.location = "${redirectUrl}" }, 5000);
//setTimeout(function() { window.location = "${redirectUrl}" }, 5000);
//-->
</script>
</div>
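Review bot: `${returnUrl}`, `${user.endpointName}`, `${user.endpointId}` and `${redirectUrl}` are written into the page as bare EL, which JSP does not HTML-escape. `returnUrl` comes from the saved request URL including its query string, so it is client-controlled and should be escaped on output, e.g. `<c:out value="${returnUrl}" />` (assuming the JSTL core taglib is declared in this view), and likewise for the IdP-supplied values. The new paragraph also promises a redirect "in 10 seconds" while the `setTimeout` call appears to be commented out by this change, so text and behaviour disagree. Either restore the timer with a matching delay or reword the sentence.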
......
......@@ -22,7 +22,7 @@
<div class="row">
<div id="main-content-wrapper" class="col-sm-10 col-sm-offset-1">
<ul class="breadcrumb">
<li class="active">Home</li>
<li class="active">User profile</li>
</ul>
<div id="main-content">
<h2>Home</h2>
......@@ -42,12 +42,6 @@
<p class="form-control-static">${user.username}</p>
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label" for="user_username">Transient: </label>
<div class="col-sm-9">
<p class="form-control-static">${!user.persistent}</p>
</div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label" for="user_username">Home IdP Attributes: </label>
<div class="col-sm-9">
......