
dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 19496: oauth2 authorized_code grant_type, wip

 

------------------------------------------------------------
revno: 19496
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2015-06-23 11:12:17 +0700
message:
  oauth2 authorized_code grant_type, wip
removed:
  dhis-2/dhis-web/dhis-web-uaa/src/main/webapp/WEB-INF/uaa/
added:
  dhis-2/dhis-web/dhis-web-uaa/src/main/java/org/hisp/dhis/web/uaa/oauth2/ConfirmAccessController.java
  dhis-2/dhis-web/dhis-web-uaa/src/main/webapp/WEB-INF/dhis-web-uaa/
  dhis-2/dhis-web/dhis-web-uaa/src/main/webapp/WEB-INF/dhis-web-uaa/confirm_access.vm
modified:
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
  dhis-2/dhis-web/dhis-web-uaa/src/main/resources/META-INF/dhis/webapi-uaa.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2015-06-22 10:11:42 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2015-06-23 04:12:17 +0000
@@ -25,6 +25,19 @@
     <sec:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
     <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
   </sec:http>
+
+  <sec:http pattern="/uaa/oauth/authorize/**" authentication-manager-ref="authenticationManager" disable-url-rewriting="true">
+    <sec:intercept-url pattern="/uaa/oauth/authorize/**" access="IS_AUTHENTICATED_FULLY" />
+    <sec:http-basic />
+    <sec:anonymous />
+
+    <!--
+    <form-login authentication-failure-url="/login.jsp?authentication_error=true"
+      default-target-url="http://www.ourwebsite.com/"; login-page="/login.jsp"
+      login-processing-url="/login.do" />
+      -->
+  </sec:http>
+
   <!-- End OAuth2 -->
 
   <bean id="mappedRedirectStrategy" class="org.hisp.dhis.security.MappedRedirectStrategy">
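Review bot: The new `/uaa/oauth/authorize/**` chain accepts the approval POST with no CSRF protection visible: there is no `<sec:csrf />` child, and `<sec:http-basic />` means the browser re-sends cached credentials on every request to this path, so the consent decision rests on ambient authentication alone. If the Spring Security version in use supports it, add `<sec:csrf />` to this block and emit the token as a hidden field in both forms of confirm_access.vm. A session-based form login would also give users a way to end the session, which basic auth does not. The commented-out `<form-login>` block carries a placeholder `default-target-url` and a stray `;`, and would be better dropped or replaced by a one-line TODO before this leaves wip.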

=== added file 'dhis-2/dhis-web/dhis-web-uaa/src/main/java/org/hisp/dhis/web/uaa/oauth2/ConfirmAccessController.java'
--- dhis-2/dhis-web/dhis-web-uaa/src/main/java/org/hisp/dhis/web/uaa/oauth2/ConfirmAccessController.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-uaa/src/main/java/org/hisp/dhis/web/uaa/oauth2/ConfirmAccessController.java	2015-06-23 04:12:17 +0000
@@ -0,0 +1,52 @@
+package org.hisp.dhis.web.uaa.oauth2;
+
+/*
+ * Copyright (c) 2004-2015, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import java.util.Map;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+@Controller
+@RequestMapping( value = "/oauth/confirm_access", method = RequestMethod.GET )
+public class ConfirmAccessController
+{
+    @RequestMapping
+    public String confirmAccess( Model model, @RequestParam Map<String, String> rpParameters )
+    {
+        model.addAllAttributes( rpParameters );
+        return "confirm_access";
+    }
+}
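Review bot: `model.addAllAttributes( rpParameters )` copies every query parameter into the view model unfiltered, and confirm_access.vm prints `$client_id` straight into HTML, so request-controlled text reaches the consent page unescaped and the client name shown to the user comes from the URL rather than from the authorization request being approved. Pass only what the template needs, e.g. `model.addAttribute( "client_id", rpParameters.get( "client_id" ) );`, or preferably take it from the `authorizationRequest` attribute the authorization endpoint is expected to expose (not visible in this diff, so confirm), and HTML-escape it in the template. The class Javadoc holds only `@author`; a sentence such as `Renders the OAuth2 user-approval page that the authorization endpoint forwards to.` would tell the next reader why this controller exists.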

=== modified file 'dhis-2/dhis-web/dhis-web-uaa/src/main/resources/META-INF/dhis/webapi-uaa.xml'
--- dhis-2/dhis-web/dhis-web-uaa/src/main/resources/META-INF/dhis/webapi-uaa.xml	2015-06-22 10:11:42 +0000
+++ dhis-2/dhis-web/dhis-web-uaa/src/main/resources/META-INF/dhis/webapi-uaa.xml	2015-06-23 04:12:17 +0000
@@ -11,7 +11,7 @@
   <sec:global-method-security pre-post-annotations="enabled" />
 
   <bean id="velocityConfig" class="org.springframework.web.servlet.view.velocity.VelocityConfigurer">
-    <property name="resourceLoaderPath" value="/WEB-INF/uaa/" />
+    <property name="resourceLoaderPath" value="/WEB-INF/dhis-web-uaa/" />
   </bean>
 
   <bean id="viewResolver" class="org.springframework.web.servlet.view.velocity.VelocityViewResolver">
@@ -27,7 +27,8 @@
   <context:component-scan base-package="org.hisp.dhis.web.uaa" />
 
   <!-- OAuth2 -->
-  <oauth:authorization-server client-details-service-ref="clientDetailsService" token-services-ref="tokenServices">
+  <oauth:authorization-server client-details-service-ref="clientDetailsService" token-services-ref="tokenServices"
+    user-approval-page="forward:/uaa/oauth/confirm_access">
     <oauth:authorization-code />
     <oauth:refresh-token />
     <oauth:password authentication-manager-ref="authenticationManager" />
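Review bot: `user-approval-page="forward:/uaa/oauth/confirm_access"` targets a URL that none of the `<sec:http>` patterns visible in this commit match (the new chain in security.xml covers only `/uaa/oauth/authorize/**`), so whether a direct GET to the approval page requires authentication depends on configuration outside the diff. It is worth confirming that `/uaa/oauth/confirm_access` sits behind an authenticated chain, or adding it to the new one, so the page is only ever rendered as part of an authorization request. The `<oauth:authorization-server>` element continues past the end of the hunk.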

=== added directory 'dhis-2/dhis-web/dhis-web-uaa/src/main/webapp/WEB-INF/dhis-web-uaa'
=== added file 'dhis-2/dhis-web/dhis-web-uaa/src/main/webapp/WEB-INF/dhis-web-uaa/confirm_access.vm'
--- dhis-2/dhis-web/dhis-web-uaa/src/main/webapp/WEB-INF/dhis-web-uaa/confirm_access.vm	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-uaa/src/main/webapp/WEB-INF/dhis-web-uaa/confirm_access.vm	2015-06-23 04:12:17 +0000
@@ -0,0 +1,44 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+  <title>OAuth2 Confirm Access</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <link rel="stylesheet" href="../../dhis-web-commons/bootstrap/css/bootstrap.min.css">
+</head>
+
+<body style="padding-top: 70px;">
+
+<nav class="navbar navbar-inverse navbar-fixed-top">
+  <div class="container-fluid">
+
+    <div class="navbar-header">
+      <a class="navbar-brand" href="#">DHIS2 OAuth2</a>
+    </div>
+
+  </div>
+</nav>
+
+<div class="container-fluid">
+  <div class="row col-lg-6 col-lg-offset-3 col-md-6 col-md-offset-3">
+    <div class="row">
+      <h4>Do you authorize '$client_id' to access your protected resources?</h4>
+    </div>
+    <div class="row">
+      <form id="authorizeForm" action="authorize" method="POST">
+        <input name="user_oauth_approval" value="true" type="hidden"/>
+        <button type="submit" class="btn btn-primary btn-lg btn-block">Authorize</button>
+      </form>
+    </div>
+    <div class="row">
+      <form id="denyForm" action="authorize" method="POST">
+        <input name="user_oauth_approval" value="false" type="hidden"/>
+        <button type="submit" class="btn btn-default btn-lg btn-block">Deny</button>
+      </form>
+    </div>
+  </div>
+</div>
+
+</body>
+
+</html>
\ No newline at end of file
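Review bot: The consent text names only `$client_id` and never lists the requested scope, so the user approves "your protected resources" without seeing what is being granted; showing the scope (HTML-escaped, like every other value rendered here) would make the decision an informed one. Nothing in this commit prevents the page from being framed by another site; a consent screen should be served with `X-Frame-Options: DENY` or an equivalent `frame-ancestors` policy, set in the security configuration rather than in this template. The stylesheet `href` is relative (`../../dhis-web-commons/...`) and appears to resolve against the forwarded authorize URL, which is fragile if the mapping moves.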

=== removed directory 'dhis-2/dhis-web/dhis-web-uaa/src/main/webapp/WEB-INF/uaa'