Commit
1e8a9d66
authored
Oct 30, 2020
by
Gradl, Tobias
2: Migrate core behavior to new base
Task-Url:
#2
parent
17d8a62d
Pipeline
#17543
failed with stage
in 1 minute and 3 seconds
dariahsp-core/build.gradle
...
...
@@ -17,6 +17,8 @@ dependencies {
implementation
"org.pac4j:spring-webmvc-pac4j:$webmvcPac4jVersion"
implementation
"org.pac4j:pac4j-saml:$pac4jVersion"
implementation
"org.pac4j:pac4j-http:$pac4jVersion"
implementation
"org.aspectj:aspectjweaver"
testImplementation
librarySets
.
commonTest
}
...
...
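--- /dev/null
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/CombinedSecurityConfigurationAdapter.java
+package eu.dariah.de.dariahsp.config;
+import java.util.List;
+import java.util.stream.Collectors;
+import org.pac4j.core.client.Client;
+import org.pac4j.core.config.Config;
+import org.pac4j.springframework.security.web.Pac4jEntryPoint;
+import org.pac4j.springframework.security.web.SecurityFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.access.expression.SecurityExpressionHandler;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+public class CombinedSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
+    @Autowired
+    private Config config;
+    @Bean
+    public RoleHierarchy roleHierarchy() {
+        RoleHierarchyImpl r = new RoleHierarchyImpl();
+        r.setHierarchy("ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER");
+        return r;
+    }
+    @Override
+    protected void configure(final HttpSecurity http) throws Exception {
+        List<String> enabledClientNames = config.getClients().findAllClients().stream()
+            .map(Client::getName)
+            .collect(Collectors.toList());
+        final SecurityFilter filter = new SecurityFilter(config, enabledClientNames.stream().collect(Collectors.joining(",")));
+        http
+            /*.requestMatchers()
+            .antMatchers("/saml/**", "/form/**")
+            .and()
+            .authorizeRequests()
+            .antMatchers("/saml/admin.html").hasRole("ADMINISTRATOR")
+            .antMatchers("/saml/**").authenticated()*/
+            //.and()
+            .addFilterBefore(filter, BasicAuthenticationFilter.class)
+            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
+        if (!enabledClientNames.isEmpty() && enabledClientNames.get(0).equals("FormClient")) {
+            http.exceptionHandling().authenticationEntryPoint(new Pac4jEntryPoint(config, "FormClient"));
+        }
+    }
+    protected SecurityExpressionHandler<FilterInvocation> webExpressionHandler() {
+        DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
+        defaultWebSecurityExpressionHandler.setRoleHierarchy(roleHierarchy());
+        return defaultWebSecurityExpressionHandler;
+    }
+}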
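Review bot: `configure` keeps the former `requestMatchers`/`authorizeRequests` rules only as a commented-out block, so this base class now installs the pac4j `SecurityFilter` and `SessionCreationPolicy.ALWAYS` without declaring which paths it covers or who may reach them; that contract moves entirely to subclasses and is not written down anywhere. I would delete the dead comment and add a Javadoc on `configure` stating that a subclass has to restrict the matchers and declare its authorization rules before calling `super.configure(http)`. Separately, `webExpressionHandler()` is never passed to `authorizeRequests().expressionHandler(...)` in the visible code, so it is worth confirming that the `ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER` hierarchy is really applied to `hasRole` checks rather than assumed. The entry point is also only set when `FormClient` happens to be first in the client list (`enabledClientNames.get(0).equals("FormClient")`), which makes the login redirect depend on client ordering; if that is intended, a one-line comment should say so.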
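--- /dev/null
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/DefaultFiltersConfigurationAdapter.java
+package eu.dariah.de.dariahsp.config;
+import org.pac4j.core.config.Config;
+import org.pac4j.springframework.security.web.CallbackFilter;
+import org.pac4j.springframework.security.web.LogoutFilter;
+import org.pac4j.springframework.security.web.Pac4jEntryPoint;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.access.expression.SecurityExpressionHandler;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+public class DefaultFiltersConfigurationAdapter extends WebSecurityConfigurerAdapter {
+    @Autowired
+    private Config config;
+    protected void configure(final HttpSecurity http) throws Exception {
+        final CallbackFilter callbackFilter = new CallbackFilter(config);
+        callbackFilter.setMultiProfile(true);
+        final LogoutFilter logoutFilter = new LogoutFilter(config, "/?defaulturlafterlogout");
+        logoutFilter.setDestroySession(true);
+        logoutFilter.setSuffix("/pac4jLogout");
+        final LogoutFilter centralLogoutFilter = new LogoutFilter(config, "http://localhost:8080/?defaulturlafterlogoutafteridp");
+        centralLogoutFilter.setLocalLogout(false);
+        centralLogoutFilter.setCentralLogout(true);
+        centralLogoutFilter.setLogoutUrlPattern("http://localhost:8080/.*");
+        centralLogoutFilter.setSuffix("/pac4jCentralLogout");
+        http
+            .authorizeRequests().anyRequest().permitAll()
+            .and()
+            .exceptionHandling().authenticationEntryPoint(new Pac4jEntryPoint(config, "FormClient"))
+            .and()
+            .addFilterBefore(callbackFilter, BasicAuthenticationFilter.class)
+            .addFilterBefore(logoutFilter, CallbackFilter.class)
+            .addFilterAfter(centralLogoutFilter, CallbackFilter.class)
+            .csrf().disable()
+            .logout()
+            .logoutSuccessUrl("/");
+    }
+}
\ No newline at end of file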
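Review bot: `csrf().disable()` at the end of `configure` switches CSRF protection off for everything this adapter matches, and because the class is now a reusable base in dariahsp-core, every application that extends it inherits that, including the form login behind `FormClient`. If only the pac4j callback needs an exemption, `csrf().ignoringAntMatchers(...)` limited to that path would keep protection on the remaining state-changing requests; the callback path is not visible on this page and has to be taken from the pac4j configuration. The two `http://localhost:8080/...` literals given to `centralLogoutFilter` (the default URL and `setLogoutUrlPattern`) were carried over unchanged as well; in a library they should come from the `auth` configuration properties, since the pattern is what bounds where a post-logout redirect may go. `configure` is also missing the `@Override` that the sibling adapter has.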
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/SecurityConfig.java
...
...
@@ -19,8 +19,11 @@ import org.pac4j.springframework.annotation.AnnotationConfig;
import
org.pac4j.springframework.component.ComponentConfig
;
import
org.springframework.boot.context.properties.ConfigurationProperties
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.ComponentScan
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.context.annotation.Import
;
import
org.springframework.security.access.hierarchicalroles.RoleHierarchy
;
import
org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
;
import
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
;
import
eu.dariah.de.dariahsp.CustomAuthorizer
;
...
...
@@ -32,6 +35,7 @@ import lombok.extern.slf4j.Slf4j;
@Data
@Slf4j
@Configuration
@ComponentScan
@ConfigurationProperties
(
prefix
=
"auth"
)
@Import
({
ComponentConfig
.
class
,
AnnotationConfig
.
class
})
public
class
SecurityConfig
{
...
...
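--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/WebSecurityConfig.java
+++ /dev/null
-package eu.dariah.de.dariahsp.config;
-import java.util.List;
-import java.util.stream.Collectors;
-import org.pac4j.core.client.Client;
-import org.pac4j.core.config.Config;
-import org.pac4j.springframework.security.web.CallbackFilter;
-import org.pac4j.springframework.security.web.LogoutFilter;
-import org.pac4j.springframework.security.web.Pac4jEntryPoint;
-import org.pac4j.springframework.security.web.SecurityFilter;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-@EnableWebSecurity
-public class WebSecurityConfig {
-    @Configuration
-    @Order(7)
-    public static class Saml2WebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
-        @Autowired
-        private Config config;
-        protected void configure(final HttpSecurity http) throws Exception {
-            List<String> enabledClientNames = config.getClients().findAllClients().stream()
-                .map(Client::getName)
-                .collect(Collectors.toList());
-            final SecurityFilter filter = new SecurityFilter(config, enabledClientNames.stream().collect(Collectors.joining(",")));
-            http
-                .requestMatchers()
-                .antMatchers("/saml/**", "/form/**")
-                .and()
-                .authorizeRequests()
-                .antMatchers("/saml/admin.html").hasRole("ADMINISTRATOR")
-                .antMatchers("/saml/**").authenticated()
-                .and()
-                .addFilterBefore(filter, BasicAuthenticationFilter.class)
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
-            if (!enabledClientNames.isEmpty() && enabledClientNames.get(0).equals("FormClient")) {
-                http.exceptionHandling().authenticationEntryPoint(new Pac4jEntryPoint(config, "FormClient"));
-            }
-            http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
-        }
-    }
-    @Configuration
-    @Order(15)
-    public static class DefaultWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
-        @Autowired
-        private Config config;
-        protected void configure(final HttpSecurity http) throws Exception {
-            final CallbackFilter callbackFilter = new CallbackFilter(config);
-            callbackFilter.setMultiProfile(true);
-            final LogoutFilter logoutFilter = new LogoutFilter(config, "/?defaulturlafterlogout");
-            logoutFilter.setDestroySession(true);
-            logoutFilter.setSuffix("/pac4jLogout");
-            final LogoutFilter centralLogoutFilter = new LogoutFilter(config, "http://localhost:8080/?defaulturlafterlogoutafteridp");
-            centralLogoutFilter.setLocalLogout(false);
-            centralLogoutFilter.setCentralLogout(true);
-            centralLogoutFilter.setLogoutUrlPattern("http://localhost:8080/.*");
-            centralLogoutFilter.setSuffix("/pac4jCentralLogout");
-            http
-                .authorizeRequests().anyRequest().permitAll()
-                .and()
-                .exceptionHandling().authenticationEntryPoint(new Pac4jEntryPoint(config, "FormClient"))
-                .and()
-                .addFilterBefore(callbackFilter, BasicAuthenticationFilter.class)
-                .addFilterBefore(logoutFilter, CallbackFilter.class)
-                .addFilterAfter(centralLogoutFilter, CallbackFilter.class)
-                .csrf().disable()
-                .logout()
-                .logoutSuccessUrl("/");
-        }
-    }
-}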
dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/config/SampleWebSecurityConfig.java
package
eu.dariah.de.dariahsp.sample.config
;
import
org.
pac4j.
springframework.
annotation.A
nnotationConfig
;
import
org.
pac4j.
springframework.co
mponent.ComponentConfig
;
import
org.springframework.
context.annotation.Import
;
import
org.springframework.
context.a
nnotation
.
Config
uration
;
import
org.springframework.co
re.annotation.Order
;
import
org.springframework.
security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
;
import
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
;
import
eu.dariah.de.dariahsp.config.CombinedSecurityConfigurationAdapter
;
import
eu.dariah.de.dariahsp.config.DefaultFiltersConfigurationAdapter
;
import
eu.dariah.de.dariahsp.config.WebSecurityConfig
;
@EnableWebSecurity
@Import
({
WebSecurityConfig
.
class
})
public
class
SampleWebSecurityConfig
{
public
class
SampleWebSecurityConfig
extends
WebSecurityConfigurerAdapter
{
@Configuration
@Order
(
1
)
public
static
class
WebSecurityConfigAdapter
extends
CombinedSecurityConfigurationAdapter
{
@Override
protected
void
configure
(
final
HttpSecurity
http
)
throws
Exception
{
http
.
requestMatchers
()
.
antMatchers
(
"/saml/**"
,
"/form/**"
)
.
and
()
.
authorizeRequests
()
.
antMatchers
(
"/saml/admin.html"
).
hasRole
(
"CONTRIBUTOR"
)
.
antMatchers
(
"/saml/**"
).
authenticated
();
super
.
configure
(
http
);
}
}
@Configuration
@Order
(
2
)
public
static
class
CallbackLoginLogoutConfigurationAdapter
extends
DefaultFiltersConfigurationAdapter
{}
}
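Review bot: The rule for `/saml/admin.html` now reads `hasRole("CONTRIBUTOR")`, while the `WebSecurityConfig` deleted in this commit required `hasRole("ADMINISTRATOR")` for the same path; with the hierarchy `ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER` that opens the admin page to every contributor. If this is only meant to exercise the hierarchy in the sample, a comment saying so would keep it from being copied into a real deployment; otherwise it should stay `hasRole("ADMINISTRATOR")`. `/form/**` is selected by `requestMatchers()` but gets no `authorizeRequests` rule of its own, so its protection rests solely on the pac4j filter added by `super.configure(http)`; adding `.antMatchers("/form/**").authenticated()` would make that explicit. The outer `SampleWebSecurityConfig` also appears to extend `WebSecurityConfigurerAdapter` without overriding anything, which would register a further adapter with Spring's defaults, though the old and new sides of those lines cannot be separated with certainty in this rendering.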
dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/controller/SampleController.java
...
...
@@ -44,8 +44,10 @@ public class SampleController {
@Autowired
private
MetadataHelper
metadataHelper
;
@GetMapping
(
"/"
)
public
String
greeting
(
@RequestParam
(
name
=
"name"
,
required
=
false
,
defaultValue
=
"World"
)
String
name
,
Model
model
)
{
model
.
addAttribute
(
"name"
,
name
);
public
String
greeting
(
@RequestParam
(
name
=
"name"
,
required
=
false
,
defaultValue
=
"World"
)
String
name
,
Map
<
String
,
Object
>
map
)
{
map
.
put
(
"name"
,
name
);
map
.
put
(
PROFILES
,
profileManager
.
getAll
(
true
));
map
.
put
(
SESSION_ID
,
jeeContext
.
getSessionStore
().
getOrCreateSessionId
(
jeeContext
));
return
"home"
;
}
...
...
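Review bot: `map.put(SESSION_ID, jeeContext.getSessionStore().getOrCreateSessionId(jeeContext))` places the raw session identifier in the view model of the public `/` page, and `getOrCreateSessionId` will also create a session for a visitor who does not have one yet. If the `home` template prints that value, the identifier ends up in the HTML where page script can read it regardless of the cookie's HttpOnly flag; the template is not part of this page, so that needs checking. For a sample that others will copy I would drop the entry, or expose only a shortened or hashed form, and add a comment that it is for demonstration only. `PROFILES`, `SESSION_ID`, `profileManager` and `jeeContext` are declared outside this hunk.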