Oauth2 authentication Setup

OAuth provides clients "secure delegated access" to server resources on behalf of a resource owner.
It specifies a process by which resource owners authorize third-party access to their server resources without sharing their credentials.
For more details, visit the official OAuth2 website.

For Plexus Connect to determine the active authentication server, a configuration file named config.properties needs to be created.
This file needs to be saved on the server. We recommend using the configuration folder:

  • for UNIX ~/.chemaxon/plexus-suite/config.properties
  • for Windows ~/chemaxon/plexus-suite/config.properties

This configuration is activated by the following startup option:

-Dcom.chemaxon.plexus.connect.configuration.propertiesFilePath=~/chemaxon/plexus-suite/config.properties

The basic content of config.properties is shown in the following example:

  authentication.type=pass
  pass.uri=http://your_oauthserver.com/
  pass.clientId="client_id"
  pass.clientSecret="client_secret"
  pass.publicKey=-----BEGIN PUBLIC KEY-----*-----END PUBLIC KEY-----

From Connect's perspective, the authentication server has to provide all required services of OpenID Connect Session Management. Connect expects a JWT token when authorizing against the server.

For the JWT token, the following attributes are mandatory:

  {
    "sub": "someUSerIdOrClientId",
    "email": "emailOfUser",
    // needs authorities or group as below to have admin privileges
    "authorities": ["chemaxon"],
    "group": ["CONNECT_ADMIN"],
    "roles": ["ROLES"] // the IJC_ROLES need to be specified here
  }

Roles should be specified for each user individually and sent within the roles attribute.
When the following attributes are empty, the user is authorized as ROLE_USER. More about user ROLES here:

  "authorities": [],
  "group": [ ],
  "roles": [ ]
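The mandatory JWT attributes and the empty-attributes rule above can be checked on the server side before a token is accepted. The following Python helper is an added example, not Connect's own code: it parses the payload of a compact JWT (signature verification against pass.publicKey is assumed to happen separately), reports missing mandatory attributes, and maps authorities/group/roles to the outcome the page describes; the "ADMIN"/"USER" labels and the sample token are this example's own constructions.

```python
import base64
import json

# Attributes the page lists as mandatory in the JWT Connect receives.
MANDATORY_CLAIMS = ("sub", "email", "authorities", "group", "roles")


def decode_jwt_payload(token: str) -> dict:
    """Parse the payload segment of a compact JWT (header.payload.signature).
    Decoding only: verify the signature against pass.publicKey before
    trusting any claim returned here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_mandatory_claims(claims: dict) -> list:
    """Return the mandatory attribute names absent from the payload."""
    return [name for name in MANDATORY_CLAIMS if name not in claims]


def effective_privileges(claims: dict) -> tuple:
    """Map the list attributes to what Connect grants, per the page:
    'chemaxon' in authorities or 'CONNECT_ADMIN' in group -> admin;
    all three lists empty -> ROLE_USER; otherwise the roles list as sent.
    The "ADMIN"/"USER" labels are this example's own, not Connect constants."""
    authorities = claims.get("authorities") or []
    group = claims.get("group") or []
    roles = claims.get("roles") or []
    if "chemaxon" in authorities or "CONNECT_ADMIN" in group:
        return ("ADMIN", roles)
    if not authorities and not group and not roles:
        return ("USER", ["ROLE_USER"])
    return ("USER", roles)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed sample token: example claims with a placeholder signature segment.
SAMPLE_CLAIMS = {"sub": "user-42", "email": "user42@example.com",
                 "authorities": ["chemaxon"], "group": ["CONNECT_ADMIN"],
                 "roles": ["ROLE_ADMIN"]}
SAMPLE_TOKEN = ".".join([_b64url(b'{"alg":"RS256","typ":"JWT"}'),
                         _b64url(json.dumps(SAMPLE_CLAIMS).encode()),
                         "placeholder-signature"])
```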

For a logout service implementation, the following piece of code can be useful (Spring MVC/Spring Security; the imports and the LogoutController class wrapper are added here for completeness):

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class LogoutController {

    @GetMapping("/oauth/logout") // to be implemented by your oauth2 server
    public void exit(HttpServletRequest request, HttpServletResponse response) {
        // token can be revoked here if needed
        new SecurityContextLogoutHandler().logout(request, response, null); // logout on your oauth2 server
        System.out.println("Logging out attempt");
        try {
            // sending back to client app
            System.out.println("before send redirect");
            // redirect where you want; we redirect back to the Referer. Validate the target
            // against an allow-list first, since an unchecked Referer is an open redirect.
            response.sendRedirect(request.getHeader("referer"));
            System.out.println("after send redirect");
        } catch (IOException e) {
            System.out.println("error");
            e.printStackTrace();
        }
    }
}

In the section below you can find a basic demo tutorial, which helps you easily set up this security solution for Plexus Connect: Oauth2_tutorial.