-
Notifications
You must be signed in to change notification settings - Fork 392
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Cb 4389 convert reverse proxy (#2300)
* CB-4389. Converted reverse proxy to identity provider * CB-4039 build logout redirect link on backend side * CB-4039 fix return value * CB-4389. Added auto configuration for Reverse proxy if its enabled on ce, fixed typo, rename plugin parameters * CB-4389. Added check for already exist configuration * CB-4389. Refactor after review * CB-4039 adds logout with context for Okta Identity Provider * CB-4039 backward compatibility fix * CB-4039 add since annotation * CB-4039 api return type fix * CB-4039 logout extended * CB-4389. Refactor after review * CB-4389. Refactor after review * CB-4039 okta logout redirect moved to AuthenticationService * CB-4039 remove windowService dep * CB-4039 removes old logic of identity provider logout links * CB-4039 okta review changes * CB-4389. Merge logout logic into branch * CB-4389. Delete param after review * CB-4389. Converted reverse proxy to identity provider * CB-4389. Added auto configuration for Reverse proxy if its enabled on ce, fixed typo, rename plugin parameters * CB-4389. Added check for already exist configuration * CB-4389. Refactor after review * CB-4389. Refactor after review * CB-4389. Refactor after review * CB-4039 adds logout with context for Okta Identity Provider * CB-4039 okta logout redirect moved to AuthenticationService * CB-4389. Merge logout logic into branch * CB-4389. Delete param after review * CB-4546 shows hex/base64 only on blob column selection (#2314) Co-authored-by: s.teleshev <[email protected]> Co-authored-by: Evgenia Bezborodova <[email protected]> Co-authored-by: Daria Marutkina <[email protected]> * CB-4389. Fix logout redirect and npe for logout parameter * CB-4389. Fix logout redirect and npe for logout parameter * CB-4389. Change version --------- Co-authored-by: Aleksandr Skoblikov <[email protected]> Co-authored-by: s.teleshev <[email protected]> Co-authored-by: Daria Marutkina <[email protected]> Co-authored-by: Evgenia Bezborodova <[email protected]> Co-authored-by: sergeyteleshev <[email protected]>
- Loading branch information
1 parent
f4fd603
commit 4cdb3ac
Showing
11 changed files
with
262 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37 changes: 37 additions & 0 deletions
37
server/bundles/io.cloudbeaver.model/src/io/cloudbeaver/auth/SMSignOutLinkProvider.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
/* | ||
* DBeaver - Universal Database Manager | ||
* Copyright (C) 2010-2024 DBeaver Corp and others | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package io.cloudbeaver.auth; | ||
|
||
import org.jkiss.code.NotNull; | ||
import org.jkiss.dbeaver.DBException; | ||
import org.jkiss.dbeaver.model.security.SMAuthProviderCustomConfiguration; | ||
|
||
import java.util.Map; | ||
|
||
public interface SMSignOutLinkProvider { | ||
|
||
/** | ||
* @return a common link for logout, not related with the user context | ||
*/ | ||
@NotNull | ||
String getCommonSignOutLink(String id, @NotNull Map<String, Object> providerConfig) throws DBException; | ||
|
||
String getUserSignOutLink( | ||
@NotNull SMAuthProviderCustomConfiguration providerConfig, | ||
@NotNull Map<String, Object> userCredentials | ||
) throws DBException; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
26 changes: 26 additions & 0 deletions
26
server/bundles/io.cloudbeaver.service.auth/src/io/cloudbeaver/service/auth/RPConstants.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
/* | ||
* DBeaver - Universal Database Manager | ||
* Copyright (C) 2010-2024 DBeaver Corp and others | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package io.cloudbeaver.service.auth; | ||
|
||
interface RPConstants { | ||
String PARAM_LOGOUT_URL = "logout-url"; | ||
String PARAM_USER = "user-header"; | ||
String PARAM_TEAM = "team-header"; | ||
String PARAM_FIRST_NAME = "first-name-header"; | ||
String PARAM_LAST_NAME = "last-name-header"; | ||
String PARAM_ROLE_NAME = "role-header"; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
110 changes: 110 additions & 0 deletions
110
...io.cloudbeaver.service.auth/src/io/cloudbeaver/service/auth/ReverseProxyConfigurator.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
/* | ||
* DBeaver - Universal Database Manager | ||
* Copyright (C) 2010-2024 DBeaver Corp and others | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package io.cloudbeaver.service.auth; | ||
|
||
import io.cloudbeaver.auth.provider.rp.RPAuthProvider; | ||
import io.cloudbeaver.model.app.WebAppConfiguration; | ||
import io.cloudbeaver.model.app.WebApplication; | ||
import io.cloudbeaver.model.app.WebAuthApplication; | ||
import io.cloudbeaver.model.session.WebSession; | ||
import io.cloudbeaver.service.DBWServiceServerConfigurator; | ||
import org.jkiss.code.NotNull; | ||
import org.jkiss.code.Nullable; | ||
import org.jkiss.dbeaver.DBException; | ||
import org.jkiss.dbeaver.Log; | ||
import org.jkiss.dbeaver.model.security.SMAuthProviderCustomConfiguration; | ||
|
||
import java.util.HashMap; | ||
import java.util.Map; | ||
|
||
public class ReverseProxyConfigurator implements DBWServiceServerConfigurator { | ||
private static final Log log = Log.getLog(ReverseProxyConfigurator.class); | ||
|
||
@Override | ||
public void configureServer( | ||
@NotNull WebApplication application, | ||
@Nullable WebSession session, | ||
@NotNull WebAppConfiguration appConfig | ||
) throws DBException { | ||
} | ||
|
||
@Override | ||
public void migrateConfigurationIfNeeded(@NotNull WebApplication application) throws DBException { | ||
if (migrationNotNeeded(application)) { | ||
return; | ||
} | ||
migrateConfiguration(application); | ||
} | ||
|
||
@Override | ||
public void reloadConfiguration(@NotNull WebAppConfiguration appConfig) throws DBException { | ||
|
||
} | ||
|
||
private void migrateConfiguration( | ||
@NotNull WebApplication application | ||
) { | ||
if (!(application instanceof WebAuthApplication authApplication)) { | ||
return; | ||
} | ||
|
||
SMAuthProviderCustomConfiguration smReverseProxyProviderConfiguration = | ||
authApplication.getAuthConfiguration().getAuthProviderConfiguration(RPAuthProvider.AUTH_PROVIDER); | ||
if (smReverseProxyProviderConfiguration == null) { | ||
smReverseProxyProviderConfiguration = new SMAuthProviderCustomConfiguration(RPAuthProvider.AUTH_PROVIDER); | ||
smReverseProxyProviderConfiguration.setProvider(RPAuthProvider.AUTH_PROVIDER); | ||
smReverseProxyProviderConfiguration.setDisplayName("Reverse Proxy"); | ||
smReverseProxyProviderConfiguration.setDescription( | ||
"Automatically created provider after changing Reverse Proxy configuration way in 23.3.4 version" | ||
); | ||
smReverseProxyProviderConfiguration .setIconURL(""); | ||
Map<String, Object> parameters = new HashMap<>(); | ||
parameters.put(RPConstants.PARAM_USER, RPAuthProvider.X_USER); | ||
parameters.put(RPConstants.PARAM_TEAM, RPAuthProvider.X_TEAM); | ||
parameters.put(RPConstants.PARAM_FIRST_NAME, RPAuthProvider.X_FIRST_NAME); | ||
parameters.put(RPConstants.PARAM_LAST_NAME, RPAuthProvider.X_LAST_NAME); | ||
smReverseProxyProviderConfiguration.setParameters(parameters); | ||
authApplication.getAuthConfiguration().addAuthProviderConfiguration(smReverseProxyProviderConfiguration ); | ||
try { | ||
authApplication.flushConfiguration(); | ||
} catch (Exception e) { | ||
log.error("Failed to save server configuration", e); | ||
} | ||
} | ||
} | ||
|
||
private boolean migrationNotNeeded(@NotNull WebApplication application) { | ||
if (!(application instanceof WebAuthApplication authApplication)) { | ||
return true; | ||
} | ||
|
||
if (!authApplication.getAuthConfiguration().isAuthProviderEnabled(RPAuthProvider.AUTH_PROVIDER)) { | ||
log.debug("Reverse proxy provider disabled, migration not needed"); | ||
return true; | ||
} | ||
|
||
boolean isReverseProxyConfigured = authApplication.getAuthConfiguration() | ||
.getAuthCustomConfigurations().stream() | ||
.anyMatch(p -> p.getProvider().equals(RPAuthProvider.AUTH_PROVIDER)); | ||
|
||
if (isReverseProxyConfigured) { | ||
log.debug("Reverse proxy provider already exist, migration not needed"); | ||
return true; | ||
} | ||
return false; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.