diff --git a/backend/src/main/java/ervu/service/fileupload/EmployeeInfoKafkaMessageService.java b/backend/src/main/java/ervu/service/fileupload/EmployeeInfoKafkaMessageService.java
index ed02db52..a69a38b2 100644
--- a/backend/src/main/java/ervu/service/fileupload/EmployeeInfoKafkaMessageService.java
+++ b/backend/src/main/java/ervu/service/fileupload/EmployeeInfoKafkaMessageService.java
@@ -32,6 +32,7 @@ public class EmployeeInfoKafkaMessageService {
 );
 }
+ //TODO: refactor SUPPORT-8381
 private OrgInfo getOrgInfo() {
 // OrganizationModel organizationModel = ulDataService.getOrganizationModel();
 // return new OrgInfo(
diff --git a/backend/src/main/java/ru/micord/ervu/security/SecurityConfig.java b/backend/src/main/java/ru/micord/ervu/security/SecurityConfig.java
index b15200ba..44a4223b 100644
--- a/backend/src/main/java/ru/micord/ervu/security/SecurityConfig.java
+++ b/backend/src/main/java/ru/micord/ervu/security/SecurityConfig.java
@@ -10,6 +10,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import ru.micord.ervu.security.webbpm.jwt.filter.JwtAuthenticationFilter;
+import ru.micord.ervu.security.webbpm.jwt.UnauthorizedEntryPoint;
 @Configuration
 @EnableWebSecurity
diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java b/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
index b247b9f6..4732afb4 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
@@ -36,6 +36,15 @@ public class EsiaConfig {
 @Value("${esia-uri.logout:#{null}}")
 private String logoutUrl;
+ @Value("${client-cert-hash:#{null}}")
+ private String clientCertHash;
+
+ @Value("${esia.request-timeout:60}")
+ private long requestTimeout;
+
+ @Value("${esia.connection-timeout:30}")
+ private long connectionTimeout;
+
 public String getEsiaCodeUri() {
 return esiaCodePath;
 }
@@ -44,11 +53,11 @@ public class EsiaConfig {
 return esiaTokenPath;
 }
- public String getEsiaOrgScope() {
+ public String getEsiaOrgScopes() {
 return esiaOrgScopes;
 }
- public String getEsiaScope() {
+ public String getEsiaScopes() {
 return esiaScopes;
 }
@@ -71,4 +80,14 @@ public class EsiaConfig {
 public String getLogoutUrl() {
 return logoutUrl;
 }
+
+ public String getClientCertHash() {return clientCertHash;}
+
+ public long getRequestTimeout() {
+ return requestTimeout;
+ }
+
+ public long getConnectionTimeout() {
+ return connectionTimeout;
+ }
 }
diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
index 1f869b08..7f55d4b0 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
@@ -28,8 +28,8 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
-import ru.micord.ervu.security.JwtTokenService;
-import ru.micord.ervu.security.Token;
+import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
+import ru.micord.ervu.security.webbpm.jwt.model.Token;
 /**
 * @author Eduard Tihomirov
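Review bot: `client-cert-hash` is given a `#{null}` default in the `@@ -36,6 +36,15 @@` hunk, yet the value is handed unchecked to the `client_certificate_hash` parameter in EsiaAuthService (`@@ -89,7 +87,7 @@`, `@@ -160,15 +158,15 @@`, `@@ -249,15 +247,15 @@`), so a deployment that omits the property no longer fails at startup but at the first ESIA call — as an NPE or as a request carrying a null hash, depending on how `params` and `setParameter` treat null — whereas the removed constant could never be absent. Either drop the `#{null}` default so context startup fails, or add a `@PostConstruct` check that also rejects non-positive `requestTimeout`/`connectionTimeout`, since `HttpRequest.Builder.timeout` and `HttpClient.Builder.connectTimeout` throw `IllegalArgumentException` for a non-positive `Duration`. The three new fields carry no documentation of their units or origin; add `/** Fingerprint of the ESIA client certificate (property {@code client-cert-hash}); must be set, there is no usable default. */` and `/** ESIA request and connection timeouts in seconds ({@code esia.request-timeout}, {@code esia.connection-timeout}). */`. In the `@@ -71,4 +80,14 @@` hunk `public String getClientCertHash() {return clientCertHash;}` is squeezed onto one line while the neighbouring getters use the class's brace-per-line layout; match it.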
@@ -37,8 +37,6 @@ import ru.micord.ervu.security.Token;
 @Service
 public class EsiaAuthService {
- private final static String CLIENT_CERTIFICATE_HASH = "04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD";
-
 @Autowired
 private ObjectMapper objectMapper;
@@ -61,8 +59,8 @@ public class EsiaAuthService {
 String redirectUrl = esiaConfig.getRedirectUrl();
 String redirectUrlEncoded = redirectUrl.replaceAll(":", "%3A")
 .replaceAll("/", "%2F");
- String scope = esiaConfig.getEsiaScope();
- String scopeOrg = esiaConfig.getEsiaOrgScope();
+ String scope = esiaConfig.getEsiaScopes();
+ String scopeOrg = esiaConfig.getEsiaOrgScopes();
 Map parameters = new LinkedHashMap();
 parameters.put("client_id", clientId);
@@ -89,7 +87,7 @@ public class EsiaAuthService {
 "response_type", responseType,
 "redirect_uri", redirectUrlEncoded,
 "obj_type", "B L F A",
- "client_certificate_hash", CLIENT_CERTIFICATE_HASH);
+ "client_certificate_hash", esiaConfig.getClientCertHash());
 return makeRequest(url, params);
 }
@@ -135,8 +133,8 @@ public class EsiaAuthService {
 String timestamp = dt.format(formatter);
 String state = UUID.randomUUID().toString();
 String redirectUrl = esiaConfig.getRedirectUrl();
- String scope = esiaConfig.getEsiaScope();
- String scopeOrg = esiaConfig.getEsiaOrgScope();
+ String scope = esiaConfig.getEsiaScopes();
+ String scopeOrg = esiaConfig.getEsiaOrgScopes();
 Map parameters = new LinkedHashMap();
 parameters.put("client_id", clientId);
@@ -160,15 +158,15 @@ public class EsiaAuthService {
 .setParameter("scope_org", scopeOrg)
 .setParameter("timestamp", timestamp)
 .setParameter("token_type", "Bearer")
- .setParameter("client_certificate_hash", CLIENT_CERTIFICATE_HASH)
+ .setParameter("client_certificate_hash", esiaConfig.getClientCertHash())
 .toFormUrlencodedString();
 HttpRequest postReq = HttpRequest.newBuilder(URI.create(authUrl))
 .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
 .POST(HttpRequest.BodyPublishers.ofString(postBody))
- .timeout(Duration.ofSeconds(60))
+ .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
 .build();
 HttpResponse postResp = HttpClient.newBuilder()
- .connectTimeout(Duration.ofSeconds(30))
+ .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
 .build()
 .send(postReq, HttpResponse.BodyHandlers.ofString());
 String responseString = postResp.body();
@@ -224,8 +222,8 @@ public class EsiaAuthService {
 String timestamp = dt.format(formatter);
 String state = UUID.randomUUID().toString();
 String redirectUrl = esiaConfig.getRedirectUrl();
- String scope = esiaConfig.getEsiaScope();
- String scopeOrg = esiaConfig.getEsiaOrgScope();
+ String scope = esiaConfig.getEsiaScopes();
+ String scopeOrg = esiaConfig.getEsiaOrgScopes();
 Map parameters = new LinkedHashMap();
 parameters.put("client_id", clientId);
@@ -249,15 +247,15 @@ public class EsiaAuthService {
 .setParameter("scope_org", scopeOrg)
 .setParameter("timestamp", timestamp)
 .setParameter("token_type", "Bearer")
- .setParameter("client_certificate_hash", CLIENT_CERTIFICATE_HASH)
+ .setParameter("client_certificate_hash", esiaConfig.getClientCertHash())
 .toFormUrlencodedString();
 HttpRequest postReq = HttpRequest.newBuilder(URI.create(authUrl))
 .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
 .POST(HttpRequest.BodyPublishers.ofString(postBody))
- .timeout(Duration.ofSeconds(60))
+ .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
 .build();
 HttpResponse postResp = HttpClient.newBuilder()
- .connectTimeout(Duration.ofSeconds(30))
+ .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
 .build()
 .send(postReq, HttpResponse.BodyHandlers.ofString());
 String responseString = postResp.body();
@@ -304,7 +302,7 @@ public class EsiaAuthService {
 .POST(HttpRequest.BodyPublishers.ofString(requestBody, StandardCharsets.UTF_8))
 .build();
 HttpResponse response = HttpClient.newBuilder()
- .connectTimeout(Duration.ofSeconds(30))
+ .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
 .build()
 .send(request, HttpResponse.BodyHandlers.ofString());
 errorHandler(response);
diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/UlDataServiceImpl.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/UlDataServiceImpl.java
index 0da105fb..bb3d071f 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/UlDataServiceImpl.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/UlDataServiceImpl.java
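Review bot: The request built at the top of the `@@ -304,7 +302,7 @@` hunk receives the configurable connect timeout but, unlike the other three call sites this commit touches in EsiaAuthService, no request timeout, so a peer that accepts the connection and then stalls blocks the caller indefinitely. Add `.timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))` before that chain's `.build()` so all four sites behave the same; the builder chain begins above the hunk, so the exact insertion line is not visible here.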
@@ -50,10 +50,10 @@ public class UlDataServiceImpl implements UlDataService {
 .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
 .header("Authorization", "Bearer ".concat(accessToken))
 .GET()
- .timeout(Duration.ofSeconds(60))
+ .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
 .build();
 HttpResponse getResp = HttpClient.newBuilder()
- .connectTimeout(Duration.ofSeconds(30))
+ .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
 .build()
 .send(getReq, HttpResponse.BodyHandlers.ofString());
 errorHandler(getResp);
@@ -91,10 +91,10 @@ public class UlDataServiceImpl implements UlDataService {
 .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
 .header("Authorization", "Bearer ".concat(accessToken))
 .GET()
- .timeout(Duration.ofSeconds(60))
+ .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
 .build();
 HttpResponse getResp = HttpClient.newBuilder()
- .connectTimeout(Duration.ofSeconds(30))
+ .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
 .build()
 .send(getReq, HttpResponse.BodyHandlers.ofString());
 errorHandler(getResp);
@@ -113,10 +113,10 @@ public class UlDataServiceImpl implements UlDataService {
 .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
 .header("Authorization", "Bearer ".concat(accessToken))
 .GET()
- .timeout(Duration.ofSeconds(60))
+ .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
 .build();
 HttpResponse getResp = HttpClient.newBuilder()
- .connectTimeout(Duration.ofSeconds(30))
+ .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
 .build()
 .send(getReq, HttpResponse.BodyHandlers.ofString());
 errorHandler(getResp);
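Review bot: The seven hunks in this file (`@@ -50`, `@@ -91`, `@@ -113`, `@@ -153`, `@@ -168`, `@@ -203`, `@@ -234`) each edit the same two timeout lines of a builder chain that is otherwise identical apart from the URL and the response variable name, so the timeout configuration now lives in seven places. A private helper taking the URL and token would let each call site shrink to one line and keep the `esiaConfig` wiring in one spot; each chain starts above its hunk, so the `HttpRequest.newBuilder(...)` line below is assumed from the form used in EsiaAuthService. Keep `errorHandler` inside the helper since every site calls it right after `send`, and adjust the throws clause to whatever `errorHandler` declares.
```java
    // … unchanged: fields, constructor, other methods …

    /**
     * Performs an authenticated GET against an ESIA URL using the configured
     * request and connection timeouts, then runs errorHandler() on the response.
     * Throws clause to be aligned with whatever errorHandler declares.
     */
    private HttpResponse<String> sendGet(String url, String accessToken)
            throws IOException, InterruptedException {
        HttpRequest getReq = HttpRequest.newBuilder(URI.create(url))
                .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
                .header("Authorization", "Bearer ".concat(accessToken))
                .GET()
                .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
                .build();
        HttpResponse<String> getResp = HttpClient.newBuilder()
                .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
                .build()
                .send(getReq, HttpResponse.BodyHandlers.ofString());
        errorHandler(getResp);
        return getResp;
    }
```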
@@ -153,10 +153,10 @@ public class UlDataServiceImpl implements UlDataService {
 .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
 .header("Authorization", "Bearer ".concat(accessToken))
 .GET()
- .timeout(Duration.ofSeconds(60))
+ .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
 .build();
 HttpResponse getResp = HttpClient.newBuilder()
- .connectTimeout(Duration.ofSeconds(30))
+ .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
 .build()
 .send(getReq, HttpResponse.BodyHandlers.ofString());
 errorHandler(getResp);
@@ -168,10 +168,10 @@ public class UlDataServiceImpl implements UlDataService {
 .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
 .header("Authorization", "Bearer ".concat(accessToken))
 .GET()
- .timeout(Duration.ofSeconds(60))
+ .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
 .build();
 HttpResponse getRespBrhs = HttpClient.newBuilder()
- .connectTimeout(Duration.ofSeconds(30))
+ .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
 .build()
 .send(getReqBrhs, HttpResponse.BodyHandlers.ofString());
 errorHandler(getRespBrhs);
@@ -203,10 +203,10 @@ public class UlDataServiceImpl implements UlDataService {
 .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
 .header("Authorization", "Bearer ".concat(accessToken))
 .GET()
- .timeout(Duration.ofSeconds(60))
+ .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
 .build();
 HttpResponse getResp = HttpClient.newBuilder()
- .connectTimeout(Duration.ofSeconds(30))
+ .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
 .build()
 .send(getReq, HttpResponse.BodyHandlers.ofString());
 errorHandler(getResp);
@@ -234,10 +234,10 @@ public class UlDataServiceImpl implements UlDataService {
 .header(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded")
 .header("Authorization", "Bearer ".concat(accessToken))
 .GET()
- .timeout(Duration.ofSeconds(60))
+ .timeout(Duration.ofSeconds(esiaConfig.getRequestTimeout()))
 .build();
 HttpResponse getResp = HttpClient.newBuilder()
- .connectTimeout(Duration.ofSeconds(30))
+ .connectTimeout(Duration.ofSeconds(esiaConfig.getConnectionTimeout()))
 .build()
 .send(getReq, HttpResponse.BodyHandlers.ofString());
 errorHandler(getResp);
diff --git a/backend/src/main/java/ru/micord/ervu/security/JwtAuthentication.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthentication.java
similarity index 97%
rename from backend/src/main/java/ru/micord/ervu/security/JwtAuthentication.java
rename to backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthentication.java
index 07e17310..47f65677 100644
--- a/backend/src/main/java/ru/micord/ervu/security/JwtAuthentication.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthentication.java
@@ -1,4 +1,4 @@
-package ru.micord.ervu.security;
+package ru.micord.ervu.security.webbpm.jwt;
 import java.util.Collection;
diff --git a/backend/src/main/java/ru/micord/ervu/security/JwtAuthenticationProvider.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthenticationProvider.java
similarity index 92%
rename from backend/src/main/java/ru/micord/ervu/security/JwtAuthenticationProvider.java
rename to backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthenticationProvider.java
index e4016b2f..494cf510 100644
--- a/backend/src/main/java/ru/micord/ervu/security/JwtAuthenticationProvider.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/JwtAuthenticationProvider.java
@@ -1,4 +1,4 @@
-package ru.micord.ervu.security;
+package ru.micord.ervu.security.webbpm.jwt;
 import io.jsonwebtoken.ExpiredJwtException;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -9,6 +9,8 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.stereotype.Component;
+import ru.micord.ervu.security.webbpm.jwt.model.Token;
+import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
 @Component
 public class JwtAuthenticationProvider implements AuthenticationProvider {
diff --git a/backend/src/main/java/ru/micord/ervu/security/UnauthorizedEntryPoint.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UnauthorizedEntryPoint.java
similarity index 95%
rename from backend/src/main/java/ru/micord/ervu/security/UnauthorizedEntryPoint.java
rename to backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UnauthorizedEntryPoint.java
index 3aba3b9b..2fbdcec8 100644
--- a/backend/src/main/java/ru/micord/ervu/security/UnauthorizedEntryPoint.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/UnauthorizedEntryPoint.java
@@ -1,4 +1,4 @@
-package ru.micord.ervu.security;
+package ru.micord.ervu.security.webbpm.jwt;
 import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
diff --git a/backend/src/main/java/ru/micord/ervu/security/JwtAuthenticationFilter.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java
similarity index 96%
rename from backend/src/main/java/ru/micord/ervu/security/JwtAuthenticationFilter.java
rename to backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java
index fe129248..ef8af20c 100644
--- a/backend/src/main/java/ru/micord/ervu/security/JwtAuthenticationFilter.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/filter/JwtAuthenticationFilter.java
@@ -1,4 +1,4 @@
-package ru.micord.ervu.security;
+package ru.micord.ervu.security.webbpm.jwt.filter;
 import java.io.IOException;
 import java.lang.invoke.MethodHandles;
@@ -16,6 +16,7 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import ru.micord.ervu.security.webbpm.jwt.JwtAuthentication;
 /**
 * @author Flyur Karimov
diff --git a/backend/src/main/java/ru/micord/ervu/security/Token.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/model/Token.java
similarity index 93%
rename from backend/src/main/java/ru/micord/ervu/security/Token.java
rename to backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/model/Token.java
index dac0b573..d7da8527 100644
--- a/backend/src/main/java/ru/micord/ervu/security/Token.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/model/Token.java
@@ -1,4 +1,4 @@
-package ru.micord.ervu.security;
+package ru.micord.ervu.security.webbpm.jwt.model;
 import java.util.Date;
diff --git a/backend/src/main/java/ru/micord/ervu/security/JwtTokenService.java b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java
similarity index 95%
rename from backend/src/main/java/ru/micord/ervu/security/JwtTokenService.java
rename to backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java
index fff176aa..e075bf58 100644
--- a/backend/src/main/java/ru/micord/ervu/security/JwtTokenService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/service/JwtTokenService.java
@@ -1,4 +1,4 @@
-package ru.micord.ervu.security;
+package ru.micord.ervu.security.webbpm.jwt.service;
 import java.lang.invoke.MethodHandles;
 import java.util.Base64;
@@ -13,6 +13,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
+import ru.micord.ervu.security.webbpm.jwt.model.Token;
 import ru.cg.webbpm.modules.resources.api.ResourceMetadataUtils;
diff --git a/config/patches/default.cli b/config/patches/default.cli
index 47b80a6d..d1589c12 100644
--- a/config/patches/default.cli
+++ b/config/patches/default.cli
@@ -49,3 +49,4 @@ xa-data-source add \
 /system-property=esia-redirect-url:add(value="https://lkrp-dev.micord.ru/ul/")
 /system-property=sign-url:add(value="https://ervu-sign-dev.k8s.micord.ru/sign")
 /system-property=esia-uri.logout:add(value="https://esia-portal1.test.gosuslugi.ru/idp/ext/Logout")
+/system-property=client-cert-hash:add(value="04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD")
diff --git a/config/standalone/dev/standalone.xml b/config/standalone/dev/standalone.xml
index b9465511..d660fbbd 100644
--- a/config/standalone/dev/standalone.xml
+++ b/config/standalone/dev/standalone.xml
@@ -75,6 +75,7 @@
+
diff --git a/frontend/src/ts/modules/app/app-routing.module.ts b/frontend/src/ts/modules/app/app-routing.module.ts
index 149d2d35..d31e3ac5 100644
--- a/frontend/src/ts/modules/app/app-routing.module.ts
+++ b/frontend/src/ts/modules/app/app-routing.module.ts
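Review bot: `client-cert-hash` is added only to `config/patches/default.cli`, whose neighbouring properties all point at dev/test endpoints (`lkrp-dev`, `ervu-sign-dev`, `esia-portal1.test`); with EsiaConfig now defaulting the property to null, every other environment's configuration has to define it as well, and nothing in this diff shows that it does. A one-line comment above the new property stating what the value is and when it changes would help whoever operates those environments, e.g. `# client-cert-hash: fingerprint of the ESIA client certificate registered for this environment; update it when the certificate is rotated`. The `standalone.xml` hunk that follows renders as an empty `+` line in this view, so its content could not be reviewed.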
@@ -2,12 +2,13 @@ import {NgModule} from "@angular/core";
 import {RouterModule, Routes} from "@angular/router";
 import {AccessDeniedComponent} from "./component/access-denied.component";
 import {AuthGuard} from "../security/guard/auth.guard";
+import {ConfirmExitGuard} from "@webbpm/base-package";
 const appRoutes: Routes = [
 {
 path: 'access-denied',
 component: AccessDeniedComponent,
- canActivate: [AuthGuard],
+ canActivate: [ConfirmExitGuard],
 },
 {
 path: 'mydata',
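Review bot: The `access-denied` route swaps `AuthGuard` for `ConfirmExitGuard` instead of adding it alongside, so the route is no longer behind the authentication check it had; if an unauthenticated visitor is meant to see the page, record that on the route, e.g. `// public: no AuthGuard, reached by users rejected elsewhere`, otherwise use `canActivate: [AuthGuard, ConfirmExitGuard]`. Also confirm that `ConfirmExitGuard` from `@webbpm/base-package` implements `CanActivate`: its name suggests a leave-page confirmation, which belongs under `canDeactivate`, and as far as I can tell the `canActivate` token array is typed loosely enough that a `CanDeactivate`-only class would not be rejected at compile time. The `appRoutes` array continues past the hunk, so whether `AuthGuard` is still referenced by the `mydata` route and its import remains needed cannot be checked here.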