package org.akaza.openclinica.controller.stormpath;
import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.application.Application;
import com.stormpath.sdk.idsite.AccountResult;
import com.stormpath.spring.config.EnableStormpath;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletRequest;
import javax.sql.DataSource;
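@EnableStormpath
@ConditionalOnProperty(name = "stormpath.application.href", matchIfMissing = false)
@Controller
/*
To include this controller, put the following in the Tomcat setenv.sh
JAVA_OPTS="$JAVA_OPTS -Dstormpath.application.href=<stormpath application href> -DSTORMPATH_API_KEY_FILE=<path to stormpath apiKey.properties>"
*/
/**
 * Handles the return leg of a Stormpath ID Site single sign-on flow.
 * <p>
 * The controller is only registered when the {@code stormpath.application.href}
 * property is present (see the setenv.sh note above). The ID Site callback
 * carried by the incoming request is handed to the Stormpath SDK, and when an
 * account comes back a Spring Security authentication carrying {@code ROLE_USER}
 * is stored in the security context before redirecting to the main menu.
 */
public class StormpathSSOController {
    /** Per-class logger; protected so subclasses can reuse it. */
    protected final Logger logger = LoggerFactory.getLogger(getClass().getName());

    /**
     * Injected data source. Not used yet; reserved for mapping the Stormpath
     * account onto a local user account (see the TODO at the end of the class).
     */
    @Autowired
    DataSource dataSource;

    /** Used to read {@code stormpath.application.href} from the Spring environment. */
    @Autowired
    private ApplicationContext applicationContext;

    /**
     * Stormpath application bean. Injection is optional, so this may be
     * {@code null} when the Stormpath auto-configuration did not run.
     */
    @Autowired(required = false)
    protected Application app;

    /**
     * Completes an ID Site login for the calling request.
     * <p>
     * Fails closed (redirect to the login page) when the application href is
     * not configured, when no Stormpath {@link Application} bean is available,
     * or when the callback does not yield an account.
     *
     * @param request the callback request from ID Site
     * @param model   unused; retained for the handler signature
     * @return a redirect view name: the login page on failure, the main menu on success
     */
    @RequestMapping("/restricted/secret")
    public String secret(HttpServletRequest request, Model model) {
        String stormpathApp = applicationContext.getEnvironment().getProperty("stormpath.application.href");
        if (StringUtils.isEmpty(stormpathApp)) {
            logger.error("Environment variable STORMPATH_APPLICATION_HREF is not set");
            return "redirect:/pages/login/login";
        }
        // app is injected with required = false; without it the callback cannot be
        // verified, so refuse the login instead of failing with a NullPointerException.
        if (app == null) {
            logger.error("Stormpath Application bean is not available; cannot process ID Site callback");
            return "redirect:/pages/login/login";
        }
        AccountResult accountResult = app.newIdSiteCallbackHandler(request).getAccountResult();
        Account account = accountResult.getAccount();
        if (account == null) {
            // NOTE(review): this target differs from the one used above
            // (/pages/login/login); confirm which login page is intended.
            return "redirect:/pages/login";
        }
        // NOTE(review): an ID Site result may represent something other than an
        // authenticated login (e.g. a logout round-trip); confirm the result type
        // before granting ROLE_USER if the SDK exposes that distinction.
        // Credentials are null on purpose: the SDK already verified the callback.
        Authentication authentication = new UsernamePasswordAuthenticationToken(account.getUsername(), null,
                AuthorityUtils.createAuthorityList("ROLE_USER"));
        // NOTE(review): the HTTP session is not rotated here; confirm that the
        // configured session-fixation protection covers this manual authentication path.
        SecurityContextHolder.getContext().setAuthentication(authentication);
        logger.info("After in SSO restricted controller");
        return "redirect:/MainMenu";
    }

    /**
     * Returns the Stormpath {@link Application} that the Stormpath servlet
     * integration stores as a request attribute under the class name.
     * Not used by {@link #secret}; available to subclasses.
     *
     * @param request the current request
     * @return the application attached to the request, or {@code null} if absent
     */
    protected Application getApplication(HttpServletRequest request) {
        return (Application) request.getAttribute(Application.class.getName());
    }

    //TODO
    /*
    - Get the dataSource as done above
    - Create new UserAccountDAO(dataSource)
    -
    */
}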