Merge pull request #8 from hms-dbmi/DEV

IRCT 1.0 RC2

src/main/java/edu/harvard/hms/dbmi/bd2k/irct/cl/filter/SessionFilter.java

@@ -14,7 +14,7 @@
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
+//import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -42,21 +42,25 @@
  */
 @WebFilter(filterName = "session-filter", urlPatterns = { "/*" })
 public class SessionFilter implements Filter {
+
+	@javax.annotation.Resource(mappedName ="java:global/client_secret")
 	private String clientId;
+	@javax.annotation.Resource(mappedName ="java:global/client_id")
 	private String clientSecret;
+	@javax.annotation.Resource(mappedName ="java:global/userField")
 	private String userField;
 
-	@Inject
-	private ServletContext context;
+//	@Inject
+//	private ServletContext context;
 
 	@Inject
 	private SecurityController sc;
 
 	@Override
 	public void init(FilterConfig fliterConfig) throws ServletException {
-		this.clientSecret = context.getInitParameter("client_secret");
-		this.clientId = context.getInitParameter("client_id");
-		this.userField = context.getInitParameter("userField");
+//		this.clientSecret = context.getInitParameter("client_secret");
+//		this.clientId = context.getInitParameter("client_id");
+//		this.userField = context.getInitParameter("userField");
 	}
 
 	@Override
@@ -116,6 +120,18 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc)
 
 		}
 
+//		HttpSession session = ((HttpServletRequest) req).getSession();
+//		
+//		User user = sc.getUser("[email protected]");
+//		Token token = new JWT(((HttpServletRequest) req).getHeader("Authorization"), "", "Bearer", this.clientId);
+//		SecureSession secureSession = new SecureSession();
+//		secureSession.setToken(token);
+//		secureSession.setUser(user);
+//		
+//		session.setAttribute("user", user);
+//		session.setAttribute("token", token);
+//		session.setAttribute("secureSession", secureSession);
+
 		fc.doFilter(req, res);
 	}
 

src/main/java/edu/harvard/hms/dbmi/bd2k/irct/cl/rest/SecurityService.java

@@ -7,14 +7,12 @@
 import java.io.Serializable;
 import java.net.URI;
 
-import javax.annotation.PostConstruct;
 import javax.enterprise.context.SessionScoped;
 import javax.faces.bean.ManagedBean;
 import javax.inject.Inject;
 import javax.json.Json;
 import javax.json.JsonObjectBuilder;
 import javax.json.JsonStructure;
-import javax.servlet.ServletContext;
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
@@ -57,18 +55,23 @@ public class SecurityService implements Serializable {
 	@Inject
 	private SecurityController sc;
 
-	@Inject
-	private ServletContext context;
 
 	@Inject
 	private HttpSession session;
 
 	private final NonceGenerator nonceGenerator = new NonceGenerator();
 	private String state;
+
+	@javax.annotation.Resource(mappedName ="java:global/redirect_on_success")
 	private String redirectOnSuccess;
-	private String tokenUri;
-	private String userInfoUri;
+
+	@javax.annotation.Resource(mappedName ="java:global/domain")
+	private String domain;
+
+	@javax.annotation.Resource(mappedName ="java:global/client_id")
 	private String clientId;
+
+	@javax.annotation.Resource(mappedName ="java:global/client_secret")
 	private String clientSecret;
 	private User user;
 	private Token token;
@@ -81,21 +84,6 @@ public SecurityService() {
 
 	}
 
-	/**
-	 * Following construction retrieves parameters from web.xml
-	 */
-	@PostConstruct
-	public void init() {
-		this.tokenUri = "https://" + context.getInitParameter("domain")
-				+ "/oauth/token";
-		this.userInfoUri = String.format("https://%s%s",
-				context.getInitParameter("domain"), "/userinfo");
-		this.clientId = context.getInitParameter("client_id");
-		this.clientSecret = context.getInitParameter("client_secret");
-		this.redirectOnSuccess = context
-				.getInitParameter("redirect_on_success");
-	}
-
 	/**
 	 * Creates a state and keeps it associated with the users http session
 	 * 
@@ -192,7 +180,8 @@ private Token fetchToken(String authorizationCode) throws JSONException,
 		json.put("grant_type", "authorization_code");
 		json.put("code", authorizationCode);
 
-		JSONObject tokenInfo = resty.json(tokenUri, content(json)).toObject();
+		JSONObject tokenInfo = resty.json(String.format("https://%s%s",
+				domain, "/userinfo"), content(json)).toObject();
 
 		return new JWT((String) tokenInfo.get("id_token"),
 				(String) tokenInfo.get("access_token"),
@@ -203,8 +192,8 @@ private User fetchUser(String accessToken) throws IOException,
 			JSONException {
 		Resty resty = new Resty();
 
-		JSONObject userInfo = resty.json(
-				this.userInfoUri + "?access_token=" + accessToken).toObject();
+		JSONObject userInfo = resty.json(String.format("https://%s%s",
+				domain, "/userinfo?access_token=") + accessToken).toObject();
 
 		String userEmail = userInfo.getString("email");
 

src/main/webapp/WEB-INF/web.xml

@@ -6,12 +6,4 @@
 	<session-config>
 		<session-timeout>120</session-timeout>
 	</session-config>
-
-	<!-- Auth0 Configuration -->
-	<context-param>
-		<param-name>redirect_on_success</param-name>
-		<param-value>/IRCT-UI/token.html</param-value>
-	</context-param>
-
-
 </web-app>