Adding spring session redis

ORCID · Sep 13, 2024 · f19e778 · f19e778
1 parent b616230
commit f19e778
Show file tree

Hide file tree

Showing 5 changed files with 133 additions and 67 deletions.
diff --git a/orcid-core/pom.xml b/orcid-core/pom.xml
@@ -326,8 +326,18 @@
 		<dependency>
 		    <groupId>redis.clients</groupId>
 		    <artifactId>jedis</artifactId>
-		    <version>4.4.3</version>
+		    <version>3.7.1</version>
 		</dependency>
+
+
+        <!-- https://mvnrepository.com/artifact/org.json/json -->
+        <dependency>
+            <groupId>org.json</groupId>
+            <artifactId>json</artifactId>
+            <version>20240303</version>
+        </dependency>
+
+
     </dependencies>
     <build>
         <plugins>

diff --git a/orcid-web/pom.xml b/orcid-web/pom.xml
@@ -123,6 +123,18 @@
                 </exclusion>
             </exclusions>
         </dependency>
+
+        <dependency>
+            <groupId>org.springframework.session</groupId>
+            <artifactId>spring-session-core</artifactId>
+            <version>2.6.4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.session</groupId>
+            <artifactId>spring-session-data-redis</artifactId>
+            <version>2.6.4</version>
+        </dependency>
+
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-agroal</artifactId>

diff --git a/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/SessionCacheConfig.java b/orcid-web/src/main/java/org/orcid/frontend/spring/configuration/SessionCacheConfig.java
@@ -0,0 +1,50 @@
+package org.orcid.frontend.spring.configuration;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
+import org.springframework.data.redis.connection.jedis.JedisClientConfiguration;
+import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
+import org.springframework.session.data.redis.config.ConfigureRedisAction;
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.session.web.context.AbstractHttpSessionApplicationInitializer;
+import redis.clients.jedis.DefaultJedisClientConfig;
+import redis.clients.jedis.JedisClientConfig;
+
+import java.time.Duration;
+
+@Configuration
+@EnableRedisHttpSession
+public class SessionCacheConfig extends AbstractHttpSessionApplicationInitializer {
+
+    @Value("${org.orcid.core.utils.cache.redis.host}")
+    private String host;
+    @Value("${org.orcid.core.utils.cache.redis.port}")
+    private int port;
+    @Value("${org.orcid.core.utils.cache.redis.password}")
+    private String password;
+    @Value("${org.orcid.core.utils.cache.redis.connection_timeout_millis:10000}")
+    private int connectionTimeoutMillis;
+
+
+    @Bean
+    public JedisConnectionFactory connectionFactory() {
+        Duration timeoutDuration = Duration.ofMillis(connectionTimeoutMillis);
+
+        RedisStandaloneConfiguration redisStandaloneConfiguration = new RedisStandaloneConfiguration();
+        redisStandaloneConfiguration.setHostName(host);
+        redisStandaloneConfiguration.setPort(port);
+        redisStandaloneConfiguration.setPassword(password);
+
+        JedisClientConfiguration.JedisClientConfigurationBuilder jedisClientConfigurationBuilder = JedisClientConfiguration.builder();
+        jedisClientConfigurationBuilder.useSsl().and().connectTimeout(timeoutDuration).build();
+
+        return new JedisConnectionFactory(redisStandaloneConfiguration, jedisClientConfigurationBuilder.build());
+    }
+
+    @Bean
+    public static ConfigureRedisAction configureRedisAction() {
+        return ConfigureRedisAction.NO_OP;
+    }
+}
diff --git a/orcid-web/src/main/java/org/orcid/frontend/spring/session/OrcidRedisSessionRepository.java b/orcid-web/src/main/java/org/orcid/frontend/spring/session/OrcidRedisSessionRepository.java
@@ -0,0 +1,12 @@
+package org.orcid.frontend.spring.session;
+
+import org.springframework.data.redis.core.RedisOperations;
+import org.springframework.session.data.redis.RedisSessionRepository;
+
+public class OrcidRedisSessionRepository extends RedisSessionRepository {
+
+    public OrcidRedisSessionRepository(RedisOperations<String, Object> sessionRedisOperations) {
+        super(sessionRedisOperations);
+    }
+
+}
diff --git a/orcid-web/src/main/resources/orcid-frontend-security.xml b/orcid-web/src/main/resources/orcid-frontend-security.xml
@@ -45,9 +45,6 @@
 		</property>
 	</bean>
 
-	<bean id="sessionRegistry"
-		class="org.springframework.security.core.session.SessionRegistryImpl" />
-
     <bean id="localeResolver"
         class="org.orcid.frontend.spring.i18n.OrcidCookieLocaleResolver">
         <property name="cookieName" value="locale_v3" /><!-- must match value in AjaxAuthenticationSuccessHandler -->
@@ -112,8 +109,52 @@
 	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[x](\?.*)?" security="none" create-session="stateless" />
 	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX](\?.*)?" security="none" create-session="stateless" />
 	<sec:http request-matcher="regex" pattern="/(\d{4}-){3,}\d{3}[\dX]/print" security="none" create-session="stateless" />
-	<sec:http pattern="/.well-known/**" security="none" />		
-
+	<sec:http pattern="/.well-known/**" security="none" />
+
+
+
+
+
+
+
+
+
+
+	<!--Endpoint that can be accessed anonymously and don't need to create a session-->
+	<sec:http pattern="/identifiers/norm/(.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/statistics/liveids.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/statistics(/)?$" security="none" create-session="stateless" />
+	<sec:http pattern="/(\d{4}-){3,}\d{3}[\dX]/userInfo.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/messages.json(\?.*)?" security="none" create-session="stateless"  />
+	<sec:http pattern="/config.json(\?.*)?" security="none" create-session="stateless"  />
+	<sec:http pattern="/lang.json(.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/orcid-search/.*" security="none" create-session="stateless" />
+	<sec:http pattern="/reset-password(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/reset-password.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/validate-reset-password.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/reset-password-email/.*" security="none" create-session="stateless" />
+	<sec:http pattern="/reset-password-email.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/reset-password-email-v2.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/claim/.*" security="none" create-session="stateless" />
+	<sec:http pattern="/resend-claim(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/resend-claim.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/validate-resend-claim.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/reset-password-email-validate-token.json(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/members(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/members/.*" security="none" create-session="stateless" />
+	<sec:http pattern="/consortia(\?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/consortia/.*" security="none" create-session="stateless" />
+	<sec:http pattern="/record-corrections" security="none" create-session="stateless" />
+	<sec:http pattern="/record-corrections/next(\/?.*)?" security="none" create-session="stateless" />
+	<sec:http pattern="/record-corrections/previous(\/?.*)??" security="none" create-session="stateless" />
+	<sec:http pattern="/about/trust/integrity/record-corrections" security="none" create-session="stateless" />
+	<sec:http pattern="/assets/(.*)?" security="none" create-session="stateless" />
+
+
+
+
+
+
     <!-- Authenticate the client before reaching the token endpoint -->
     <sec:http pattern="/oauth/token" use-expressions="false" create-session="stateless" authentication-manager-ref="clientAuthenticationManager">
     	<sec:csrf disabled="true"/>
@@ -256,22 +297,13 @@
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/home(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/identifiers/norm/(.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/statistics/liveids.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/statistics/statistics.json(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/statistics(/)?$"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
+
 		<sec:intercept-url pattern="/notifications/frequencies/[^\/\?#:]*(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/notifications/frequencies/[^\/\?#:]*/email-frequencies.json(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/orgs/disambiguated/(.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/userInfo.json(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />			
 	    <sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/worksPage.json(\?.*)?"
             access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/worksExtendedPage.json(\?.*)?"
@@ -310,22 +342,12 @@
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/(\d{4}-){3,}\d{3}[\dX]/peer-reviews-by-group-id.json(\?.*)?"
  	      	access="IS_AUTHENTICATED_ANONYMOUSLY" /> 	    
-
-		<sec:intercept-url pattern="/messages.json(\?.*)?"
+		<sec:intercept-url pattern="/public/group/[0-9]+(\?.*)?"
  	      	access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		 <sec:intercept-url pattern="/config.json(\?.*)?"
- 	      	access="IS_AUTHENTICATED_ANONYMOUSLY" />
-
- 	    <sec:intercept-url pattern="/public/group/[0-9]+(\?.*)?"
- 	      	access="IS_AUTHENTICATED_ANONYMOUSLY" /> 	      	
-		<sec:intercept-url pattern="/lang.json(.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/login(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/signin(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/signin/facebook(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/signin/google(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/userStatus.json(\?.*)?"
@@ -336,8 +358,6 @@
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/confirm-registration-details(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/orcid-search/.*"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/register(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/register.json(\?.*)?"
@@ -356,28 +376,6 @@
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/registerConfirm.json(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/claim/.*"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/resend-claim(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/resend-claim.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/validate-resend-claim.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/reset-password(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/reset-password.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/validate-reset-password.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/reset-password-email/.*"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/reset-password-email.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />		
-		<sec:intercept-url pattern="/reset-password-email-v2.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/reset-password-email-validate-token.json(\?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/verify(\?.*)?"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/disco(\?.*)?"
@@ -388,22 +386,6 @@
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/inbox/encrypted/.*?/action?"
             access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/members(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/members/.*"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/consortia(\?.*)?"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/consortia/.*"
-            access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <sec:intercept-url pattern="/record-corrections"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
-		<sec:intercept-url pattern="/record-corrections/next(\/?.*)?"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />			
-		<sec:intercept-url pattern="/record-corrections/previous(\/?.*)??"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />						
-		<sec:intercept-url pattern="/about/trust/integrity/record-corrections"
-			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/unsubscribe/(.+)"
 			access="IS_AUTHENTICATED_ANONYMOUSLY" />
 		<sec:intercept-url pattern="/unsubscribe/preferences.json?encryptedId=(.+)"