709: Consolidate security configurations

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=709

dariahsp-sample/src/main/resources/spring/security/security-context-common.xml

@@ -15,6 +15,28 @@
     <security:http security="none" pattern="/logout.jsp"/>
     <security:http security="none" pattern="/resources/**"/>
     
+    
+    <security:http entry-point-ref="securityEntryPoint" use-expressions="false" access-decision-manager-ref="accessDecisionManager" >
+        <security:intercept-url pattern="/protected/**" access="IS_AUTHENTICATED_FULLY"/>
+        
+        <security:intercept-url pattern="/saml/web/**" access="IS_AUTHENTICATED_FULLY"/>
+        <!-- <security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/> -->
+        
+        
+        <security:custom-filter after="BASIC_AUTH_FILTER" ref="authFilter"/>
+        
+        <security:custom-filter ref="redirectionAwareFilter" before="PRE_AUTH_FILTER" />
+		<security:custom-filter ref="redirectionAwareFilter" after="REQUEST_CACHE_FILTER" />
+        
+        <security:request-cache ref="requestCache"/>
+        
+        <!-- Disable only for /saml/SSO** ?? -->
+        <security:csrf disabled="true" />
+    </security:http>
+    
+    
+    
+    
     <!-- This probably needs to be changed to a persisting extension of BaseUserService -->
     <bean id="userDetailsService" class="eu.dariah.de.dariahsp.sample.service.CachingUserServiceImpl" />
     

dariahsp-sample/src/main/resources/spring/security/security-context-local.xml

@@ -8,8 +8,11 @@
 				
 	<import resource="security-context-common.xml"/>	
 
+
+	
+
 	
-	<security:http disable-url-rewriting="true" auto-config="true" use-expressions="false" access-decision-manager-ref="accessDecisionManager" >
+	<!-- <security:http disable-url-rewriting="true" auto-config="true" use-expressions="false" access-decision-manager-ref="accessDecisionManager" >
 		<security:csrf disabled="true"/>
 		<security:intercept-url pattern="/test/jumboFluid" requires-channel="http" access="IS_AUTHENTICATED_FULLY" />
 		
@@ -28,20 +31,28 @@
 		<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/" />
 		
 		<security:request-cache ref="requestCache"/>
-	</security:http>
+	</security:http> -->
+	
+	<bean id="authFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" >
+    	<property name="authenticationManager" ref="authenticationManager" />
+    </bean>
+    
+    <security:authentication-manager id="authenticationManager" alias="authenticationManager">
+	  <security:authentication-provider ref="localAuthenticationProvider" />
+	</security:authentication-manager>
+    
+	
+	
 	
  	<!-- Map only for ajax calls; how??? entry-point-ref="ajaxEntryPoint"  -->
   	<bean id="ajaxEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint">
 	</bean>
-
-	<security:authentication-manager alias="authenticationManager">
-	  <security:authentication-provider ref="localAuthenticationProvider" />
-	</security:authentication-manager>
 	
 	<bean id="localAuthenticationProvider" class="eu.dariah.de.dariahsp.local.LocalAuthenticationProvider">
 		<property name="localUserDb">
 			<bean class="eu.dariah.de.dariahsp.local.LocalUserConfService">
 				<property name="userfile" value="${saml.local.userfile}" />
+				<property name="encoder"><bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/></property>
 			</bean>
 		</property>
 		<property name="userService" ref="userDetailsService" />

dariahsp-sample/src/main/resources/spring/security/security-context-saml.xml

@@ -11,44 +11,13 @@
 	<import resource="security-context-common.xml"/>
 
     <!-- Scan for auto-wiring classes in spring saml packages -->
-    <context:component-scan base-package="org.springframework.security.saml"/>
-
-
-    <!-- Security for the administration UI -->
-    <!-- <security:http pattern="/saml/web/**" use-expressions="false">
-        <security:access-denied-handler error-page="/saml/web/metadata/login"/>
-        <security:form-login login-processing-url="/saml/web/login" login-page="/saml/web/metadata/login" default-target-url="/saml/web/metadata"/>
-        <security:intercept-url pattern="/saml/web/metadata/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
-        <security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/>
-        <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
-    </security:http> -->
-
-    <!-- Secured pages with SAML as entry point -->
-    <security:http entry-point-ref="samlEntryPoint" use-expressions="false" access-decision-manager-ref="accessDecisionManager" >
-        <security:intercept-url pattern="/protected/**" access="IS_AUTHENTICATED_FULLY"/>
-        
-        <security:intercept-url pattern="/saml/web/**" access="IS_AUTHENTICATED_FULLY"/>
-        <!-- <security:intercept-url pattern="/saml/web/**" access="ROLE_ADMIN"/> -->
-        
-        <security:custom-filter before="FIRST" ref="metadataGeneratorFilter"/>
-        <security:custom-filter after="BASIC_AUTH_FILTER" ref="samlFilter"/>
-        
-        <security:custom-filter ref="redirectionAwareFilter" before="PRE_AUTH_FILTER" />
-		<security:custom-filter ref="redirectionAwareFilter" after="REQUEST_CACHE_FILTER" />
-        
-        <security:request-cache ref="requestCache"/>
-        
-        <!-- Disable only for /saml/SSO** ?? -->
-        <security:csrf disabled="true" />
-    </security:http>
-    
+    <context:component-scan base-package="org.springframework.security.saml"/>  
     
 	
-
     <!-- Filters for processing of SAML messages -->
-    <bean id="samlFilter" class="org.springframework.security.web.FilterChainProxy">
+    <bean id="authFilter" class="org.springframework.security.web.FilterChainProxy">
         <security:filter-chain-map request-matcher="ant">
-            <security:filter-chain pattern="/saml/login/**" filters="samlEntryPoint"/>
+            <security:filter-chain pattern="/saml/login/**" filters="securityEntryPoint"/>
             <security:filter-chain pattern="/saml/logout/**" filters="samlLogoutFilter"/>
             <security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
             <security:filter-chain pattern="/saml/SSO/**" filters="samlWebSSOProcessingFilter"/>
@@ -86,7 +55,7 @@
     <bean id="samlLogger" class="org.springframework.security.saml.log.SAMLDefaultLogger"/>
 
     <!-- Entry point to initialize authentication, default values taken from properties file -->
-    <bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
+    <bean id="securityEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
         <property name="defaultProfileOptions">
             <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
                 <property name="includeScoping" value="false"/>