Merge pull request #224 from Esri/f/2.7.2

F/2.7.2

README.md

@@ -12,10 +12,10 @@ To report an issue, please go to [issues](https://github.com/Esri/geoportal-serv
 The nature of the Harvester application is, as the name suggests, to harvest metadata from whatever web endpoints it is provided. The list(s) of endpoints to download metadata from can also be provided by external entities over the internet. Neither the metadata being harvested nor the list(s) of endpoints provided by external entities are vetted or checked by the Harvester. **Users who wish to limit the scope of the Harvester's reach should configure the network or machine where the Harvester is located with allow lists or deny lists of web endpoints to prevent the Harvester from reaching undesirable locations.**
 
 ## Releases and Downloads
-- 2.7.1 - December 21, 2023, [release notes](https://github.com/Esri/geoportal-server-harvester/releases/tag/v2.7.1). 
-- 2.7.0 - June 13, 2021. 
-- 2.6.5 - July 13, 2021. 
-- 2.6.4 - July 8, 2020. 
+- 2.7.1 - December 21, 2023, click [here](https://github.com/Esri/geoportal-server-harvester/releases/tag/v2.7.1) for release notes and downloads. 
+- 2.7.0 - June 13, 2021, click [here](https://github.com/Esri/geoportal-server-harvester/releases/tag/v2.7.1) for release notes and downloads. 
+- 2.6.5 - July 13, 2021, click [here](https://github.com/Esri/geoportal-server-harvester/releases/tag/v2.6.5) for release notes and downloads. 
+- 2.6.4 - July 8, 2020, click [here](https://github.com/Esri/geoportal-server-harvester/releases/tag/v2.6.4) for release notes and downloads. 
 
 ## Features
 

geoportal-SDK/geoportal-harvester-api-base/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.esri.geoportal</groupId>
         <artifactId>geoportal-SDK</artifactId>
-        <version>2.7.1</version>
+        <version>2.7.2</version>
     </parent>
     <artifactId>harvester-api-base</artifactId>
     <name>Esri :: Geoportal Server :: Harvester :: Api Base</name>

geoportal-SDK/geoportal-harvester-api/pom.xml

@@ -4,12 +4,12 @@
     <parent>
       <artifactId>geoportal-SDK</artifactId>
       <groupId>com.esri.geoportal</groupId>
-      <version>2.7.1</version>
+      <version>2.7.2</version>
     </parent>
     <artifactId>harvester-api</artifactId>
     <name>Esri :: Geoportal Server :: Harvester :: Api</name>
     <description>Definitions of all basic elements of the Harvester (interfaces, final classes, etc.).</description>
-    <version>2.7.1</version>
+    <version>2.7.2</version>
     <packaging>jar</packaging>
     <dependencies>
         <dependency>

geoportal-SDK/pom.xml

@@ -4,7 +4,7 @@
     <parent>
       <artifactId>geoportal-harvester</artifactId>
       <groupId>com.esri.geoportal</groupId>
-      <version>2.7.1</version>
+      <version>2.7.2</version>
     </parent>
     <artifactId>geoportal-SDK</artifactId>
     <packaging>pom</packaging>

geoportal-application/geoportal-harvester-cli/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.esri.geoportal</groupId>
         <artifactId>geoportal-application</artifactId>
-        <version>2.7.1</version>
+        <version>2.7.2</version>
     </parent>
     <artifactId>geoportal-harvester-cli</artifactId>
     <packaging>jar</packaging>

geoportal-application/geoportal-harvester-engine/pom.xml

@@ -4,7 +4,7 @@
     <parent>
       <artifactId>geoportal-application</artifactId>
       <groupId>com.esri.geoportal</groupId>
-      <version>2.7.1</version>
+      <version>2.7.2</version>
     </parent>
     <artifactId>geoportal-harvester-engine</artifactId>
     <name>Esri :: Geoportal Server :: Harvester :: Application :: Engine</name>

geoportal-application/geoportal-harvester-war/pom.xml

@@ -4,7 +4,7 @@
     <parent>
       <artifactId>geoportal-application</artifactId>
       <groupId>com.esri.geoportal</groupId>
-      <version>2.7.1</version>
+      <version>2.7.2</version>
     </parent>
     <artifactId>geoportal-harvester-war</artifactId>
     <packaging>war</packaging>
@@ -89,12 +89,27 @@
         <dependency>
           <groupId>org.springframework.security.oauth</groupId>
           <artifactId>spring-security-oauth2</artifactId>
-          <version>2.5.1.RELEASE</version>
+          <version>2.5.2.RELEASE</version>
         </dependency>
         <dependency>
           <groupId>org.springframework.security</groupId>
           <artifactId>spring-security-jwt</artifactId>
           <version>1.1.1.RELEASE</version>
+        </dependency> 
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+            <version>${springsecurity.version}</version>
+        </dependency>
+       <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-jose</artifactId>
+            <version>${springsecurity.version}</version>
+        </dependency> 
+         <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-core</artifactId>
+            <version>${springsecurity.version}</version>
         </dependency>
     </dependencies>
 

geoportal-application/geoportal-harvester-war/src/main/java/com/esri/geoportal/base/security/ArcGISOAuth2LoginConfig.java

@@ -0,0 +1,71 @@
+/*
+ * Copyright 2024 cont_anki.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.esri.geoportal.base.security;
+
+
+import java.util.Arrays;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.converter.FormHttpMessageConverter;
+import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
+import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
+import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
+import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
+import org.springframework.web.client.RestTemplate;
+
+/**
+ *
+ * @author cont_anki
+ */
+@Configuration
+public class ArcGISOAuth2LoginConfig {
+
+
+     @Bean
+     public OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> arcgisTokenResponseClient() {
+		OAuth2AccessTokenResponseHttpMessageConverter tokenResponseHttpMessageConverter =
+				new OAuth2AccessTokenResponseHttpMessageConverter();
+		tokenResponseHttpMessageConverter.setTokenResponseConverter(new CustomAccessTokenResponseConverter());
+
+		RestTemplate restTemplate = new RestTemplate(Arrays.asList(
+				new FormHttpMessageConverter(), tokenResponseHttpMessageConverter));
+		restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
+
+		DefaultAuthorizationCodeTokenResponseClient tokenResponseClient = new DefaultAuthorizationCodeTokenResponseClient();
+		tokenResponseClient.setRestOperations(restTemplate);
+
+		return tokenResponseClient;
+	}
+
+     @Bean
+     public DefaultOAuth2UserService customUserService()
+     {
+         DefaultOAuth2UserService userService = new DefaultOAuth2UserService();
+
+         userService.setRequestEntityConverter(new CustomRequestEntityConverter());
+
+         return userService;
+
+     }
+
+
+}
+
+
+
+

geoportal-application/geoportal-harvester-war/src/main/java/com/esri/geoportal/base/security/CustomAccessTokenResponseConverter.java

@@ -0,0 +1,74 @@
+/*
+ * Copyright 2024 cont_anki.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.esri.geoportal.base.security;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.util.StringUtils;
+
+/**
+ *
+ * @author cont_anki
+ */
+public class CustomAccessTokenResponseConverter implements Converter<Map<String, String>, OAuth2AccessTokenResponse> {
+	private static final Set<String> TOKEN_RESPONSE_PARAMETER_NAMES = Stream.of(
+			OAuth2ParameterNames.ACCESS_TOKEN,
+			OAuth2ParameterNames.TOKEN_TYPE,
+			OAuth2ParameterNames.EXPIRES_IN,
+			OAuth2ParameterNames.REFRESH_TOKEN,
+			OAuth2ParameterNames.SCOPE).collect(Collectors.toSet());
+
+	@Override
+	public OAuth2AccessTokenResponse convert(Map<String, String> tokenResponseParameters) {
+		String accessToken = tokenResponseParameters.get(OAuth2ParameterNames.ACCESS_TOKEN);
+
+		OAuth2AccessToken.TokenType accessTokenType = OAuth2AccessToken.TokenType.BEARER;
+
+		long expiresIn = 0;
+		if (tokenResponseParameters.containsKey(OAuth2ParameterNames.EXPIRES_IN)) {
+			try {
+				expiresIn = Long.valueOf(tokenResponseParameters.get(OAuth2ParameterNames.EXPIRES_IN));
+			} catch (NumberFormatException ex) { }
+		}
+
+		Set<String> scopes = Collections.emptySet();
+		if (tokenResponseParameters.containsKey(OAuth2ParameterNames.SCOPE)) {
+			String scope = tokenResponseParameters.get(OAuth2ParameterNames.SCOPE);
+			scopes = Arrays.stream(StringUtils.delimitedListToStringArray(scope, " ")).collect(Collectors.toSet());
+		}
+
+		Map<String, Object> additionalParameters = new LinkedHashMap<>();
+		tokenResponseParameters.entrySet().stream()
+				.filter(e -> !TOKEN_RESPONSE_PARAMETER_NAMES.contains(e.getKey()))
+				.forEach(e -> additionalParameters.put(e.getKey(), e.getValue()));
+
+		return OAuth2AccessTokenResponse.withToken(accessToken)
+				.tokenType(accessTokenType)
+				.expiresIn(expiresIn)
+				.scopes(scopes)
+				.additionalParameters(additionalParameters)
+				.build();
+	}
+}

geoportal-application/geoportal-harvester-war/src/main/java/com/esri/geoportal/base/security/CustomRequestEntityConverter.java

@@ -0,0 +1,102 @@
+/*
+ * Copyright 2024 cont_anki.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.esri.geoportal.base.security;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.Map;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.http.RequestEntity;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
+import org.springframework.security.oauth2.core.AuthenticationMethod;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.util.UriComponentsBuilder;
+
+/**
+ *
+ * @author cont_anki
+ */
+public class CustomRequestEntityConverter implements Converter<OAuth2UserRequest, RequestEntity<?>> {
+
+	private static final MediaType DEFAULT_CONTENT_TYPE = MediaType
+		.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
+
+	/**
+	 * Returns the {@link RequestEntity} used for the UserInfo Request.
+	 * @param userRequest the user request
+	 * @return the {@link RequestEntity} used for the UserInfo Request
+	 */
+	@Override
+	public RequestEntity<?> convert(OAuth2UserRequest userRequest) {
+//                String name = SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString();
+//                System.out.println("Pricipal name "+name);
+
+		ClientRegistration clientRegistration = userRequest.getClientRegistration();
+		HttpMethod httpMethod = getHttpMethod(clientRegistration);
+		HttpHeaders headers = new HttpHeaders();
+		headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
+
+                String userNameAttributeName = userRequest.getClientRegistration()
+                .getProviderDetails()
+                .getUserInfoEndpoint()
+                .getUserNameAttributeName();
+
+                Map<String, Object> reqParamMap = userRequest.getAdditionalParameters();
+                String userName="";
+                if(reqParamMap.get(userNameAttributeName) != null)
+                {
+                    userName = (String)reqParamMap.get(userNameAttributeName);
+                }
+                String userInfoUri = clientRegistration.getProviderDetails().getUserInfoEndpoint().getUri();
+                userInfoUri =userInfoUri+"/"+userName+"?f=json";
+
+		URI uri = UriComponentsBuilder
+			.fromUriString(userInfoUri)
+			.build()
+			.toUri();
+
+
+
+		RequestEntity<?> request;
+		if (HttpMethod.POST.equals(httpMethod)) {
+			headers.setContentType(DEFAULT_CONTENT_TYPE);
+			MultiValueMap<String, String> formParameters = new LinkedMultiValueMap<>();
+			formParameters.add(OAuth2ParameterNames.ACCESS_TOKEN, userRequest.getAccessToken().getTokenValue());
+			request = new RequestEntity<>(formParameters, headers, httpMethod, uri);
+		}
+		else {
+			headers.setBearerAuth(userRequest.getAccessToken().getTokenValue());
+			request = new RequestEntity<>(headers, httpMethod, uri);
+		}
+
+		return request;
+	}
+
+	private HttpMethod getHttpMethod(ClientRegistration clientRegistration) {
+		if (AuthenticationMethod.FORM
+			.equals(clientRegistration.getProviderDetails().getUserInfoEndpoint().getAuthenticationMethod())) {
+			return HttpMethod.POST;
+		}
+		return HttpMethod.GET;
+	}
+
+}