SUPPORT-8427: Fix

This commit is contained in:
Eduard Tihomirov 2024-09-06 10:22:49 +03:00
parent ea143dee76
commit ffd450930d
14 changed files with 68 additions and 41 deletions


@ -32,6 +32,7 @@ public class EmployeeInfoKafkaMessageService {
);
}
//TODO: refactor SUPPORT-8381
private OrgInfo getOrgInfo() {
// OrganizationModel organizationModel = ulDataService.getOrganizationModel();
// return new OrgInfo(


@ -10,6 +10,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import ru.micord.ervu.security.webbpm.jwt.filter.JwtAuthenticationFilter;
import ru.micord.ervu.security.webbpm.jwt.UnauthorizedEntryPoint;
@Configuration
@EnableWebSecurity


@ -36,6 +36,15 @@ public class EsiaConfig {
@Value("${esia-uri.logout:#{null}}")
private String logoutUrl;
@Value("${client-cert-hash:#{null}}")
private String clientCertHash;
@Value("${esia.request-timeout:60}")
private long requestTimeout;
@Value("${esia.connection-timeout:30}")
private long connectionTimeout;
public String getEsiaCodeUri() {
return esiaCodePath;
}
@ -44,11 +53,11 @@ public class EsiaConfig {
return esiaTokenPath;
}
public String getEsiaOrgScope() {
public String getEsiaOrgScopes() {
return esiaOrgScopes;
}
public String getEsiaScope() {
public String getEsiaScopes() {
return esiaScopes;
}
@ -71,4 +80,14 @@ public class EsiaConfig {
public String getLogoutUrl() {
return logoutUrl;
}
public String getClientCertHash() {return clientCertHash;}
public long getRequestTimeout() {
return requestTimeout;
}
public long getConnectionTimeout() {
return connectionTimeout;
}
}
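Review bot: `client-cert-hash` is bound with a `#{null}` default (L35), so a deployment that omits the property makes `getClientCertHash()` return null, and that null is only noticed at the first ESIA request in EsiaAuthService, whereas before this commit the value was a compile-time constant that could not be absent. A fail-fast check at startup would be clearer — a `@PostConstruct` method that throws `IllegalStateException` when `clientCertHash` is null or blank, or simply dropping the `#{null}` default so the context refuses to start without it. The two new timeouts have a similar edge: `Duration.ofSeconds` accepts zero and negative values, but `HttpRequest.Builder.timeout` and `HttpClient.Builder.connectTimeout` reject non-positive durations with `IllegalArgumentException` at request time, so a misconfigured value surfaces late. Minor style point: `public String getClientCertHash() {return clientCertHash;}` (L59) is collapsed onto one line, unlike every other getter in the class.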


@ -28,8 +28,8 @@ import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import ru.micord.ervu.security.JwtTokenService;
import ru.micord.ervu.security.Token;
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
import ru.micord.ervu.security.webbpm.jwt.model.Token;
/**
* @author Eduard Tihomirov
@ -37,8 +37,6 @@ import ru.micord.ervu.security.Token;
@Service
public class EsiaAuthService {
private final static String CLIENT_CERTIFICATE_HASH = "04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD";
@Autowired
private ObjectMapper objectMapper;
@ -61,8 +59,8 @@ public class EsiaAuthService {
String redirectUrl = esiaConfig.getRedirectUrl();
String redirectUrlEncoded = redirectUrl.replaceAll(":", "%3A")
.replaceAll("/", "%2F");
String scope = esiaConfig.getEsiaScope();
String scopeOrg = esiaConfig.getEsiaOrgScope();
String scope = esiaConfig.getEsiaScopes();
String scopeOrg = esiaConfig.getEsiaOrgScopes();
Map<String, String> parameters = new LinkedHashMap<String, String>();
parameters.put("client_id", clientId);
@ -89,7 +87,7 @@ public class EsiaAuthService {
"response_type", responseType,
"redirect_uri", redirectUrlEncoded,
"obj_type", "B L F A",
"client_certificate_hash", CLIENT_CERTIFICATE_HASH);
"client_certificate_hash", esiaConfig.getClientCertHash());
return makeRequest(url, params);
}
@ -135,8 +133,8 @@ public class EsiaAuthService {
String timestamp = dt.format(formatter);
String state = UUID.randomUUID().toString();
String redirectUrl = esiaConfig.getRedirectUrl();
String scope = esiaConfig.getEsiaScope();
String scopeOrg = esiaConfig.getEsiaOrgScope();
String scope = esiaConfig.getEsiaScopes();
String scopeOrg = esiaConfig.getEsiaOrgScopes();
Map<String, String> parameters = new LinkedHashMap<String, String>();
parameters.put("client_id", clientId);
@ -160,15 +158,15 @@ public class EsiaAuthService {
.setParameter("scope_org", scopeOrg)
.setParameter("timestamp", timestamp)
.setParameter("token_type", "Bearer")
.setParameter("client_certificate_hash", CLIENT_CERTIFICATE_HASH)
.setParameter("client_certificate_hash", esiaConfig.getClientCertHash())
.toFormUrlencodedString();
HttpRequest postReq = HttpRequest.newBuilder(URI.create(authUrl))
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.POST(HttpRequest.BodyPublishers.ofString(postBody))
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> postResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(postReq, HttpResponse.BodyHandlers.ofString());
String responseString = postResp.body();
@ -224,8 +222,8 @@ public class EsiaAuthService {
String timestamp = dt.format(formatter);
String state = UUID.randomUUID().toString();
String redirectUrl = esiaConfig.getRedirectUrl();
String scope = esiaConfig.getEsiaScope();
String scopeOrg = esiaConfig.getEsiaOrgScope();
String scope = esiaConfig.getEsiaScopes();
String scopeOrg = esiaConfig.getEsiaOrgScopes();
Map<String, String> parameters = new LinkedHashMap<String, String>();
parameters.put("client_id", clientId);
@ -249,15 +247,15 @@ public class EsiaAuthService {
.setParameter("scope_org", scopeOrg)
.setParameter("timestamp", timestamp)
.setParameter("token_type", "Bearer")
.setParameter("client_certificate_hash", CLIENT_CERTIFICATE_HASH)
.setParameter("client_certificate_hash", esiaConfig.getClientCertHash())
.toFormUrlencodedString();
HttpRequest postReq = HttpRequest.newBuilder(URI.create(authUrl))
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.POST(HttpRequest.BodyPublishers.ofString(postBody))
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> postResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(postReq, HttpResponse.BodyHandlers.ofString());
String responseString = postResp.body();
@ -304,7 +302,7 @@ public class EsiaAuthService {
.POST(HttpRequest.BodyPublishers.ofString(requestBody, StandardCharsets.UTF_8))
.build();
HttpResponse<String> response = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(request, HttpResponse.BodyHandlers.ofString());
errorHandler(response);
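Review bot: `esiaConfig.getClientCertHash()` replaces the removed constant at L101, L119 and L148, but the config now binds `client-cert-hash` with a `#{null}` default, so the value can be null where the constant never was; at L101 it is passed into what appears to be a varargs or `Map.of`-style parameter list, which would fail with `NullPointerException` on a null value, and what `setParameter` does with a null at L119/L148 is not visible here. Making the contract explicit at the start of each method would give a readable failure instead: `String certHash = Objects.requireNonNull(esiaConfig.getClientCertHash(), "client-cert-hash");`. The enclosing methods all begin and end outside the shown hunks. Separately, a fresh `HttpClient` is still built per request at L127, L156 and L165 (pre-existing); with the connect timeout now configurable, constructing one client in the constructor would be the natural follow-up.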


@ -50,10 +50,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
@ -91,10 +91,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
@ -113,10 +113,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
@ -153,10 +153,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
@ -168,10 +168,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getRespBrhs = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReqBrhs, HttpResponse.BodyHandlers.ofString());
errorHandler(getRespBrhs);
@ -203,10 +203,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
@ -234,10 +234,10 @@ public class UlDataServiceImpl implements UlDataService {
.header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
.header("Authorization", "Bearer ".concat(accessToken))
.GET()
.timeout(Duration.ofSeconds(60))
.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
.build();
HttpResponse<String> getResp = HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
.build()
.send(getReq, HttpResponse.BodyHandlers.ofString());
errorHandler(getResp);
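Review bot: The seven hunks (L178-L183 through L256-L261) each repeat the same header/timeout request construction and a fresh `HttpClient` with the same connect timeout; now that both timeouts are read from `esiaConfig`, a private helper would leave one place to change rather than seven. The `esiaConfig` field these lines rely on is not visible in any hunk, so its injection into `UlDataServiceImpl` presumably exists elsewhere in the file, and whether the enclosing methods declare or wrap `IOException`/`InterruptedException` is also outside the hunks, so the helper's `throws` clause below is a guess. Each enclosing method starts and ends outside its hunk.
```java
// … unchanged: imports, fields, existing method signatures …
private HttpResponse<String> sendAuthorizedGet(URI uri, String accessToken)
        throws IOException, InterruptedException {
    HttpRequest getReq = HttpRequest.newBuilder(uri)
            .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
            .header("Authorization", "Bearer ".concat(accessToken))
            .GET()
            .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
            .build();
    HttpResponse<String> getResp = HttpClient.newBuilder()
            .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
            .build()
            .send(getReq, HttpResponse.BodyHandlers.ofString());
    errorHandler(getResp);
    return getResp;
}
```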


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt;
import java.util.Collection;


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt;
import io.jsonwebtoken.ExpiredJwtException;
import org.springframework.beans.factory.annotation.Autowired;
@ -9,6 +9,8 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
import ru.micord.ervu.security.webbpm.jwt.model.Token;
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
@Component
public class JwtAuthenticationProvider implements AuthenticationProvider {


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt.filter;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
@ -16,6 +16,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication;
/**
* @author Flyur Karimov


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt.model;
import java.util.Date;


@ -1,4 +1,4 @@
package ru.micord.ervu.security;
package ru.micord.ervu.security.webbpm.jwt.service;
import java.lang.invoke.MethodHandles;
import java.util.Base64;
@ -13,6 +13,7 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import ru.micord.ervu.security.webbpm.jwt.model.Token;
import ru.cg.webbpm.modules.resources.api.ResourceMetadataUtils;


@ -49,3 +49,4 @@ xa-data-source add \
/system-property=esia-redirect-url:add(value="https://lkrp-dev.micord.ru/ul/")
/system-property=sign-url:add(value="https://ervu-sign-dev.k8s.micord.ru/sign")
/system-property=esia-uri.logout:add(value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout")
/system-property=client-cert-hash:add(value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD")


@ -75,6 +75,7 @@
<property name="esia-redirect-url" value="https://lkrp.micord.ru"/>
<property name="sign-url" value="https://ervu-sign-dev.k8s.micord.ru/sign"/>
<property name="sesia-uri.logout" value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout"/>
<property name="client-cert-hash" value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD"/>
</system-properties>
<management>
<audit-log>
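Review bot: The context line directly above the added property is named `sesia-uri.logout` (L346), while `EsiaConfig` binds `@Value("${esia-uri.logout:#{null}}")` (L33) and the CLI script in the previous file uses `esia-uri.logout`, so `logoutUrl` presumably resolves to null in the environment this file configures. The typo is not introduced by this commit, but since the adjacent line is being edited it is worth correcting here: `<property name="esia-uri.logout" value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout"/>`.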


@ -2,12 +2,13 @@ import {NgModule} from "@angular/core";
import {RouterModule, Routes} from "@angular/router";
import {AccessDeniedComponent} from "./component/access-denied.component";
import {AuthGuard} from "../security/guard/auth.guard";
import {ConfirmExitGuard} from "@webbpm/base-package";
const appRoutes: Routes = [
{
path: 'access-denied',
component: AccessDeniedComponent,
canActivate: [AuthGuard],
canActivate: [ConfirmExitGuard],
},
{
path: 'mydata',
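Review bot: Replacing `canActivate: [AuthGuard]` with `[ConfirmExitGuard]` on the `access-denied` route (L363-L364) swaps which check gates the page rather than just dropping the authentication requirement, and a commit titled only "Fix" does not say why an exit-confirmation guard belongs on an access-denied page. If the intent is that an unauthenticated user must be able to reach the page, removing the `canActivate` entry entirely states that more clearly than substituting an unrelated guard. The `AuthGuard` import at L357 is kept, which presumably means other routes in this file still use it; if none do, it is now dead. The `appRoutes` array continues past the hunk.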