
Setup Google Authentication TOTP

Haiqi edited this page Mar 10, 2023 · 6 revisions

DB changes

  1. A new table TOTP_USER is added to the rapback_datastore db. See: "Add a new table TOTP_USER"; "Change VALIDATION_CODE's type to Integer".

AuditRestUtility changes.

REST services are added to the AuditRestUtility to create, validate against, query and delete TOTP_USER table entries. See: "Add TOTP user rest services"; "Fix the saveTotpUser method".

Portal Changes

  1. Add the dependencies needed for QR code display and code generation. These dependencies were last updated in 2020, so we need to keep an eye on them.

     ```xml
     <!-- google authenticator QR code -->
     <dependency>
         <groupId>com.warrenstrange</groupId>
         <artifactId>googleauth</artifactId>
         <version>1.5.0</version>
     </dependency>
     <dependency>
         <groupId>com.google.zxing</groupId>
         <artifactId>core</artifactId>
         <version>3.4.1</version>
     </dependency>
     <dependency>
         <groupId>com.google.zxing</groupId>
         <artifactId>javase</artifactId>
         <version>3.4.1</version>
     </dependency>
     ```
  2. Add the TOTP services that have the required methods:
  • public Integer saveTotpUser(TotpUser totpUser);
  • public TotpUser getTotpUserByUserName(String userName);

The above two are required. The following two are used to manage the TOTP users in the portal app.

  • public Integer deleteTotpUserByUserName(String userName);
  • public List getAllTotpUsers();

Add a new package in the portal to handle the TOTP requests from the GUI and to call the REST service to create, validate, query and delete TOTP users: https://github.com/ojbc/main/tree/0c086153698662ad6db593f6f7893194479cd55d/web/ojb-web-portal/src/main/java/org/ojbc/web/portal/totp. Please note that most of these beans are created conditionally: @ConditionalOnProperty(name = "otpServiceBean", havingValue = "totpServiceMemoryImpl")

  1. The implementations can be found in TotpUserService.
  2. The TotpUserController contains the methods to show the TOTP user list and to delete a TOTP user from that list.
  3. The CustomGoogleAuthenticatorConfig and the CredentialRepository are the basic implementation and custom configuration for the gAuth functionality.
  4. The CodeController interacts with the GUI to:
     1. show the QR code for the user to scan when registering for the first time;
     2. take the code the user entered and validate it against the registered username and secret key to decide whether to grant access.
  5. The TotpUserRestService interacts with the backend DAO implementation.
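To make the two CodeController steps concrete, here is an added, stand-alone Python sketch of what the registration and validation flow relies on; it is not the portal's code and not the googleauth library. It builds the otpauth URL that the QR code encodes, and validates a submitted 6-digit code against the stored base32 secret while tolerating one 30-second step of clock skew. The issuer name and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote

STEP_SECONDS = 30   # TOTP time step used by Google Authenticator
DIGITS = 6          # code length shown in the authenticator app
SKEW_STEPS = 1      # accept one step either side to tolerate clock drift

def generate_secret() -> str:
    """New per-user secret, base32 encoded as authenticator apps expect (hypothetical helper)."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")

def hotp(secret_b32: str, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation, DIGITS decimal digits."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** DIGITS).zfill(DIGITS)

def totp(secret_b32: str, at=None) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / STEP_SECONDS)."""
    now = time.time() if at is None else at
    return hotp(secret_b32, int(now) // STEP_SECONDS)

def otpauth_url(issuer: str, user_name: str, secret_b32: str) -> str:
    """Provisioning URI that the registration page encodes in the QR code (issuer is an assumption)."""
    label = quote(f"{issuer}:{user_name}")
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP_SECONDS}")

def validate_code(secret_b32: str, submitted: str, at=None) -> bool:
    """Server-side check of the code typed into the input form: exact length, digits only,
    constant-time compare, current step plus SKEW_STEPS on each side."""
    if len(submitted) != DIGITS or not submitted.isdigit():
        return False
    now = time.time() if at is None else at
    current = int(now) // STEP_SECONDS
    return any(
        hmac.compare_digest(hotp(secret_b32, current + delta), submitted)
        for delta in range(-SKEW_STEPS, SKEW_STEPS + 1)
    )
```

A real deployment should also record the last accepted time step per user so the same code cannot be replayed within the skew window.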

The TOTP pages are under this folder: https://github.com/ojbc/main/tree/0c086153698662ad6db593f6f7893194479cd55d/web/ojb-web-portal/src/main/resources/templates/otp. The files are:

  1. https://github.com/ojbc/main/blob/0c086153698662ad6db593f6f7893194479cd55d/web/ojb-web-portal/src/main/resources/templates/otp/qrCode.html
  2. https://github.com/ojbc/main/blob/0c086153698662ad6db593f6f7893194479cd55d/web/ojb-web-portal/src/main/resources/templates/otp/totpInputForm.html
  3. https://github.com/ojbc/main/blob/0c086153698662ad6db593f6f7893194479cd55d/web/ojb-web-portal/src/main/resources/templates/otp/totpUsers.html

Modify the logic in https://github.com/ojbc/main/blob/0c086153698662ad6db593f6f7893194479cd55d/web/ojb-web-portal/src/main/java/org/ojbc/web/security/OJBCAccessDeniedHandler.java#L90 so that when the bean credentialRepository is not null, we either show the user the TOTP QR code or show the input form for the TOTP code.

Lastly, add a method to the restService to call the TOTP REST service.
