GN5 / Add sign in/out support / Add loginType for JWT security provider.

fxprunayre · PascalLike · commit e667f25184b0 · 2025-12-09T09:16:45.000+01:00
diff --git a/core/src/main/java/org/fao/geonet/kernel/security/jwtheaders/JwtHeadersSecurityConfig.java b/core/src/main/java/org/fao/geonet/kernel/security/jwtheaders/JwtHeadersSecurityConfig.java
@@ -22,7 +22,10 @@
  */
 package org.fao.geonet.kernel.security.jwtheaders;
 
+import org.fao.geonet.exceptions.BadParameterEx;
 import org.fao.geonet.kernel.security.SecurityProviderConfiguration;
+import static org.fao.geonet.kernel.security.SecurityProviderConfiguration.LoginType.AUTOLOGIN;
+import static org.fao.geonet.kernel.security.SecurityProviderConfiguration.LoginType.parse;
 
 /**
  * GeoNetwork only allows one SecurityProviderConfiguration bean.
@@ -32,8 +35,8 @@
  */
 public class JwtHeadersSecurityConfig implements SecurityProviderConfiguration {
 
+    private String loginType = AUTOLOGIN.toString();
 
-    public SecurityProviderConfiguration.LoginType loginType = SecurityProviderConfiguration.LoginType.AUTOLOGIN;
     /**
      * true -> update the DB with the information from OIDC (don't allow user to edit profile in the UI)
      * false -> don't update the DB (user must edit profile in UI).
@@ -50,7 +53,27 @@ public class JwtHeadersSecurityConfig implements SecurityProviderConfiguration {
 
 
     public JwtHeadersSecurityConfig() {
+    }
 
+    @Override
+    public String getLoginType() {
+        return loginType;
+    }
+
+    public void setLoginType(String loginType) {
+        LoginType parsedLoginType = parse(loginType);
+        switch(parsedLoginType) {
+            case FORM:
+            case AUTOLOGIN:
+                break;
+            case DEFAULT:
+                parsedLoginType= AUTOLOGIN;
+                break;
+            default:
+                // Currently don't support anything else
+                throw new BadParameterEx("loginType", parsedLoginType.toString());
+        }
+        this.loginType = parsedLoginType.toString();
     }
 
     public boolean isUpdateProfile() {
@@ -72,11 +95,6 @@ public void setUpdateGroup(boolean updateGroup) {
         this.updateGroup = updateGroup;
     }
 
-    //@Override
-    public String getLoginType() {
-        return loginType.toString();
-    }
-
     // @Override
     public String getSecurityProvider() {
         return "JWT-HEADERS";
@@ -88,12 +106,9 @@ public boolean isUserProfileUpdateEnabled() {
         return !updateProfile;
     }
 
-    //========================================================================
-
     // @Override
     public boolean isUserGroupUpdateEnabled() {
         // If updating group from the security provider then disable the group updates in the interface
         return !updateGroup;
     }
-
 }
diff --git a/core/src/main/java/org/fao/geonet/util/XslUtil.java b/core/src/main/java/org/fao/geonet/util/XslUtil.java
@@ -563,9 +563,6 @@ public static boolean isAuthenticated() throws Exception {
 	public static boolean isDisableLoginForm() {
         SecurityProviderConfiguration securityProviderConfiguration = SecurityProviderConfiguration.get();
 
-        if ("gn5".equals(System.getProperty("geonetwork.security.type"))) {
-            return false;
-        }
         if (securityProviderConfiguration != null) {
             // No login form if providing a link or autologin
             return securityProviderConfiguration.getLoginType().equals(SecurityProviderConfiguration.LoginType.AUTOLOGIN.toString().toLowerCase())
diff --git a/web/src/main/webapp/WEB-INF/config-security/config-security-gn5-overrides.properties b/web/src/main/webapp/WEB-INF/config-security/config-security-gn5-overrides.properties
@@ -47,5 +47,6 @@ jwtheadersConfiguration.JwtConfiguration.validateTokenAudienceClaimValue=${JWTHE
 jwtheadersConfiguration.JwtConfiguration.validateTokenSignature=${JWTHEADERS_ValidateTokenSignature:true}
 jwtheadersConfiguration.JwtConfiguration.validateTokenSignatureURL=${JWTHEADERS_ValidateTokenSignatureURL:""}
 
+jwtHeadersSecurityConfig.loginType=form
 jwtHeadersSecurityConfig.UpdateProfile=${JWTHEADERS_UpdateProfile:false}
 jwtHeadersSecurityConfig.UpdateGroup=${JWTHEADERS_UpdateGroup:false}
diff --git a/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers-base.xml b/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers-base.xml
@@ -33,7 +33,10 @@
           http://www.springframework.org/schema/util
           http://www.springframework.org/schema/util/spring-util.xsd">
 
-  <bean id ="jwtHeadersSecurityConfig" class="org.fao.geonet.kernel.security.jwtheaders.JwtHeadersSecurityConfig"/>
+  <bean id="jwtHeadersSecurityConfig"
+        class="org.fao.geonet.kernel.security.jwtheaders.JwtHeadersSecurityConfig">
+    <property name="loginType" value="${jwtHeadersSecurityConfig.loginType}"/>
+  </bean>
 
   <bean id ="jwtheadersConfiguration" class="org.fao.geonet.kernel.security.jwtheaders.JwtHeadersConfiguration">
     <constructor-arg ref ="jwtHeadersSecurityConfig" />
diff --git a/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers-overrides.properties b/web/src/main/webapp/WEB-INF/config-security/config-security-jwt-headers-overrides.properties
@@ -47,5 +47,6 @@ jwtheadersConfiguration.JwtConfiguration.validateTokenAudienceClaimValue=${JWTHE
 jwtheadersConfiguration.JwtConfiguration.validateTokenSignature=${JWTHEADERS_ValidateTokenSignature:true}
 jwtheadersConfiguration.JwtConfiguration.validateTokenSignatureURL=${JWTHEADERS_ValidateTokenSignatureURL:""}
 
+jwtHeadersSecurityConfig.loginType=autologin
 jwtHeadersSecurityConfig.UpdateProfile=${JWTHEADERS_UpdateProfile:true}
 jwtHeadersSecurityConfig.UpdateGroup=${JWTHEADERS_UpdateGroup:true}
