OIDC Improvements and bug fixes #8761

Merged: ianwallen merged 7 commits into geonetwork:main from xiechangning20:OIDC_FIX_3 on Apr 29, 2025

xiechangning20 (Contributor) commented Apr 25, 2025

Added pre-login filter to enable autologin, and restrict guest users
Added configuration for an OAuth2AuthorizedClientManager, which enables refreshing the access token
Fixed the check for setting the userNameAttribute in GeonetworkOidcUserService.java and the Client Registration UserNameAttribute configuration in GeonetworkClientRegistrationProvider.java to be based on OIDCConfig
Update the postLogoutRedirect endpoint to exclude default port numbers

  • [✔️] I have read the contribution guidelines
  • Pull request provided for main branch, backports managed with label
  • [✔️] Good housekeeping of code, cleaning up comments, tests, and documentation
  • [✔️] Clean commit history broken into understandable chunks, avoiding big commits with hundreds of files, cautious of reformatting and whitespace changes
  • Clean commit messages, longer verbose messages are encouraged
  • API Changes are identified in commit messages
  • Testing provided for features or enhancements using automatic tests
  • User documentation provided for new features or enhancements in manual
  • Build documentation provided for development instructions in README.md files
  • Library management using pom.xml dependency management. Update build documentation with intended library use and library tutorials or documentation
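
The last item of the description above, dropping default port numbers from the post-logout redirect, matters because identity providers commonly compare `post_logout_redirect_uri` with the registered value as an exact string. The following is an added example, not code from this pull request or from GeoNetwork; the class name, `normalize` and the sample URLs are assumptions, and it also lower-cases scheme and host, which goes beyond what the PR describes.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Added example, not GeoNetwork code. Class, method and sample URLs are hypothetical.
public class PostLogoutRedirectUri {

    /** Rebuilds an absolute http(s) URL, omitting the port when it is the scheme default. */
    static String normalize(String url) throws URISyntaxException {
        URI in = new URI(url);
        if (in.getScheme() == null || in.getHost() == null) {
            throw new URISyntaxException(url, "absolute URL with a host is required");
        }
        String scheme = in.getScheme().toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            throw new URISyntaxException(url, "only http and https are accepted");
        }
        int port = in.getPort(); // -1 when no port is written in the URL
        boolean defaultPort = (scheme.equals("http") && port == 80)
                || (scheme.equals("https") && port == 443);
        // Query and fragment are dropped: the registered value is a bare endpoint.
        return new URI(scheme, null, in.getHost().toLowerCase(Locale.ROOT),
                defaultPort ? -1 : port, in.getPath(), null, null).toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed value standing in for the URI registered at the identity provider.
        String registered = "https://catalog.example.org/geonetwork";
        String[] seenByServer = {
            "https://catalog.example.org:443/geonetwork",   // default port made explicit
            "https://catalog.example.org/geonetwork",       // already canonical
            "HTTPS://Catalog.Example.org:443/geonetwork",   // case differences in scheme/host
            "https://catalog.example.org:8443/geonetwork",  // non-default port must be kept
            "http://catalog.example.org:80/geonetwork"      // default port, but wrong scheme
        };
        for (String raw : seenByServer) {
            String uri = normalize(raw);
            System.out.printf("%-45s -> %-45s exactMatch=%b%n", raw, uri, uri.equals(registered));
        }
    }
}
```

Only the first three inputs normalize to the registered value; the `:8443` and `http` variants stay distinct, so normalization does not widen what the provider would accept.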

CLAassistant commented Apr 25, 2025

CLA assistant check
All committers have signed the CLA.

@josegar74 josegar74 requested a review from davidblasby April 25, 2025 20:14
@josegar74 josegar74 added this to the 4.4.8 milestone Apr 25, 2025
import java.io.IOException;
import java.net.URLEncoder;

public class GeonetworkOidcPreAuthActionsLoginFilter implements Filter {
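
Review bot: the `java.net.URLEncoder` import above the class declaration is only needed if this filter encodes a value into a URL, and the call itself is not visible in these lines. Where it is used, pass an explicit UTF-8 charset rather than relying on the deprecated single-argument `URLEncoder.encode(String)`, and build any redirect target from configured values so that only the encoded parameter carries request-supplied data.
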
Contributor

please add javadoc to explain what this is doing

Contributor Author

Java docs added

@@ -0,0 +1,41 @@
package org.fao.geonet.kernel.security.openidconnect;
Member

Add file header

Contributor Author

Added

@@ -0,0 +1,85 @@
package org.fao.geonet.kernel.security.openidconnect;
Member

Add file header

Contributor Author

Added

@ianwallen ianwallen merged commit 0d325b0 into geonetwork:main Apr 29, 2025
7 checks passed
@geonetworkbuild
Collaborator

The backport to 4.2.x failed:

The process '/usr/bin/git' failed with exit code 1
stderr
The previous cherry-pick is now empty, possibly due to conflict resolution.
If you wish to commit it anyway, use:

    git commit --allow-empty

Otherwise, please use 'git cherry-pick --skip'

stdout
On branch backport-8761-to-4.2.x
You are currently cherry-picking commit ef51c8b246.
  (all conflicts fixed: run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

nothing to commit, working tree clean

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-4.2.x 4.2.x
# Navigate to the new working tree
cd .worktrees/backport-4.2.x
# Create a new branch
git switch --create backport-8761-to-4.2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick ef51c8b24699beadab1b021b3bd4a24924a21889,189bce83a5dd38c29b513133fe4bdc0d2883c0dd,c00fb2c366b0550ae1b327f25caf38ef680b8099,1deff2b019c71db748c6a8d67c6f3dd2b91d47ca,050e6a0a11e80a4ad81dfcd46073dc49ecb3fda7,b2eae4d9d552c9f5c92db588e7a40432c09ec1ae,39001dbb142dc64d3fd212cce8f0c691aa3c2bdd
# Push it to GitHub
git push --set-upstream origin backport-8761-to-4.2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-4.2.x

Then, create a pull request where the base branch is 4.2.x and the compare/head branch is backport-8761-to-4.2.x.

ianwallen pushed a commit to ianwallen/core-geonetwork that referenced this pull request Apr 29, 2025
Added pre-login filter to enable autologin, and restrict guest users
Added configuration for an OAuth2AuthorizedClientManager, which enables refreshing the access token
Fixed the check for setting the userNameAttribute in GeonetworkOidcUserService.java and the Client Registration UserNameAttribute configuration in GeonetworkClientRegistrationProvider.java to be based on OIDCConfig
Update the postLogoutRedirect endpoint to exclude default port numbers


* Update AudienceAccessTokenValidator.java

Fix logic

* oidc fix

* remove @configuration in OAuth2Config

* add license file header
ianwallen added a commit that referenced this pull request Apr 29, 2025
Added pre-login filter to enable autologin, and restrict guest users
Added configuration for an OAuth2AuthorizedClientManager, which enables refreshing the access token
Fixed the check for setting the userNameAttribute in GeonetworkOidcUserService.java and the Client Registration UserNameAttribute configuration in GeonetworkClientRegistrationProvider.java to be based on OIDCConfig
Update the postLogoutRedirect endpoint to exclude default port numbers


* Update AudienceAccessTokenValidator.java

Fix logic

* oidc fix

* remove @configuration in OAuth2Config

* add license file header

Co-authored-by: xiechangning20 <59653172+xiechangning20@users.noreply.github.com>
ianwallen added a commit that referenced this pull request Sep 23, 2025
The changes were applied to config-security-openidconnectbearer.xml in the following PR. But seems to have missed applying the changes in config-security-openidconnect.xml
#8875
#8761
ianwallen added a commit that referenced this pull request Sep 24, 2025
The changes were applied to config-security-openidconnectbearer.xml in the following PR. But seems to have missed applying the changes in config-security-openidconnect.xml
#8875
#8761
geonetworkbuild pushed a commit that referenced this pull request Sep 24, 2025
The changes were applied to config-security-openidconnectbearer.xml in the following PR. But seems to have missed applying the changes in config-security-openidconnect.xml
#8875
#8761
ianwallen added a commit that referenced this pull request Sep 24, 2025
The changes were applied to config-security-openidconnectbearer.xml in the following PR. But seems to have missed applying the changes in config-security-openidconnect.xml
#8875
#8761

Co-authored-by: Ian Allen <ianwallen@hotmail.com>
6 participants