Commit
781bff81
authored
Nov 09, 2020
by
Gradl, Tobias
11: Reorganize and refactor core
Task-Url:
#11
parent
250d3274
Changes
23
README.md
Complete rewrite of the DARIAH-SP sample app and libraries (v2.0-dev)
The former and still used libraries are tagged as v1.4 and discontinued
## Important entry points
*
Enable configuration in SecurityConfig
*
SAMLMetadataController allows web access to SAML metadata
*
AuthInfoHandlerInterceptor puts auth information in every model (through AuthInfoConfigurer)
*
DefaultFiltersConfigurerAdapter for central logout and callback
*
GlobalMethodSecurityConfig for method security (annotations)
*
SecurityConfigurerAdapter for path and expression based security
\ No newline at end of file
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
local/
BCryptPasswordCreator.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/BCryptPasswordCreator.java
package
eu.dariah.de.dariahsp
.local
;
package
eu.dariah.de.dariahsp
;
import
java.util.Scanner
;
...
...
@@ -6,8 +6,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
public
class
BCryptPasswordCreator
{
private
static
BCryptPasswordEncoder
encoder
;
public
static
void
main
(
String
[]
args
)
{
Scanner
scanner
=
new
Scanner
(
System
.
in
);
System
.
out
.
println
(
"CLI Tool to create BCrypt passwords to be used with a dariahsp derived application"
);
...
...
@@ -35,16 +33,13 @@ public class BCryptPasswordCreator {
if
(
input
.
length
()<
6
)
{
System
.
out
.
println
(
"Password too short"
);
}
else
{
encoder
=
new
BCryptPasswordEncoder
(
rounds
,
null
);
final
BCryptPasswordEncoder
encoder
=
new
BCryptPasswordEncoder
(
rounds
,
null
);
System
.
out
.
println
(
"BCrypt computation successful:"
);
System
.
out
.
println
(
encoder
.
encode
(
input
));
computed
=
true
;
}
}
scanner
.
close
();
scanner
=
null
;
}
}
\ No newline at end of file
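Review bot: The tail of main still closes the Scanner by hand with `scanner.close();` followed by `scanner = null;`; the null assignment does nothing, and a try-with-resources (`try (Scanner scanner = new Scanner(System.in)) { ... }`) would close it on every path, including the `Password too short` branch. The new local `final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(rounds, null);` passes a null SecureRandom, which as far as I recall only makes the encoder fall back to its default salt source, so `new BCryptPasswordEncoder(rounds)` says the same thing without the null. The six-character check is a sanity check rather than a policy; a comment such as `// minimum length is a sanity check only; the consuming application defines the password policy` would keep later readers from reading it as one. main starts in the first hunk, so its beginning is outside the second one.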
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/authenticat
or
/LocalUsernamePasswordAuthenticator.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/authenticat
ion
/LocalUsernamePasswordAuthenticator.java
package
eu.dariah.de.dariahsp.authenticat
or
;
package
eu.dariah.de.dariahsp.authenticat
ion
;
import
java.util.ArrayList
;
...
...
@@ -14,7 +14,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
import
org.springframework.security.core.userdetails.UsernameNotFoundException
;
import
org.springframework.security.crypto.password.PasswordEncoder
;
import
eu.dariah.de.dariahsp.local.LocalUsers
;
import
eu.dariah.de.dariahsp.
config.
local.LocalUsers
;
import
eu.dariah.de.dariahsp.model.RoleImpl
;
import
eu.dariah.de.dariahsp.model.UserImpl
;
import
lombok.Getter
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
saml
/SAML
2
RequiredAttributeAuthenticator.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
authentication
/SAMLRequiredAttributeAuthenticator.java
package
eu.dariah.de.dariahsp.
saml
;
package
eu.dariah.de.dariahsp.
authentication
;
import
java.util.List
;
import
java.util.Map
;
import
org.pac4j.core.context.WebContext
;
import
org.pac4j.core.exception.CredentialsException
;
import
org.pac4j.saml.credentials.SAML2Credentials
;
import
org.pac4j.saml.credentials.SAML2Credentials.SAMLAttribute
;
import
org.pac4j.saml.credentials.authenticator.SAML2Authenticator
;
import
eu.dariah.de.dariahsp.Constants.REQUIRED_ATTRIBUTE_CHECKLOGIC
;
import
eu.dariah.de.dariahsp.config.Attribute
;
import
eu.dariah.de.dariahsp.config.ConditionalAttributeGroup
;
import
eu.dariah.de.dariahsp.config.
model.SamlSpConfigProperties
;
import
eu.dariah.de.dariahsp.config.
saml.
Attribute
;
import
eu.dariah.de.dariahsp.config.
saml.
ConditionalAttributeGroup
;
import
eu.dariah.de.dariahsp.config.
saml.ServiceProvider
;
import
eu.dariah.de.dariahsp.error.RequiredAttributesException
;
import
lombok.extern.slf4j.Slf4j
;
@Slf4j
public
class
SAML
2
RequiredAttributeAuthenticator
extends
SAML2Authenticator
{
public
class
SAMLRequiredAttributeAuthenticator
extends
SAML2Authenticator
{
private
final
S
amlSpConfigProperties
spConfigProperties
;
private
final
S
erviceProvider
spConfigProperties
;
public
SAML
2
RequiredAttributeAuthenticator
(
String
attributeAsId
,
S
amlSpConfigProperties
spConfigProperties
)
{
public
SAMLRequiredAttributeAuthenticator
(
String
attributeAsId
,
S
erviceProvider
spConfigProperties
)
{
super
(
attributeAsId
);
this
.
spConfigProperties
=
spConfigProperties
;
}
public
SAML
2
RequiredAttributeAuthenticator
(
final
String
attributeAsId
,
final
Map
<
String
,
String
>
mappedAttributes
,
S
amlSpConfigProperties
spConfigProperties
)
{
public
SAMLRequiredAttributeAuthenticator
(
final
String
attributeAsId
,
final
Map
<
String
,
String
>
mappedAttributes
,
S
erviceProvider
spConfigProperties
)
{
super
(
attributeAsId
,
mappedAttributes
);
this
.
spConfigProperties
=
spConfigProperties
;
}
...
...
@@ -65,9 +64,6 @@ public class SAML2RequiredAttributeAuthenticator extends SAML2Authenticator {
break
;
}
}
// TODO: Value checks
if
(!
match
&&
attrGroup
.
getCheck
().
equals
(
REQUIRED_ATTRIBUTE_CHECKLOGIC
.
AND
))
{
return
false
;
}
...
...
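Review bot: Both renamed constructors store `spConfigProperties` without a null check, so a missing service-provider configuration only surfaces when the first assertion is validated; `this.spConfigProperties = Objects.requireNonNull(spConfigProperties, "spConfigProperties");` (with `java.util.Objects` imported) fails at wiring time instead. In the check-logic hunk, `attrGroup.getCheck().equals(REQUIRED_ATTRIBUTE_CHECKLOGIC.AND)` throws if `getCheck()` is unset; if REQUIRED_ATTRIBUTE_CHECKLOGIC is an enum, `attrGroup.getCheck() == REQUIRED_ATTRIBUTE_CHECKLOGIC.AND` is null-safe and the idiomatic form. The `// TODO: Value checks` comment indicates that only attribute presence is enforced, and the renamed public class has no Javadoc stating that; a class comment such as `Presumably rejects SAML logins whose attributes do not satisfy the configured required-attribute groups; attribute values are not validated.` would make the contract explicit. The method containing that check starts and ends outside the hunk.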
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/
model/
RoleDefinition.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/RoleDefinition.java
package
eu.dariah.de.dariahsp.config
.model
;
package
eu.dariah.de.dariahsp.config
;
import
java.util.Map
;
import
java.util.Set
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/SecurityConfig.java
...
...
@@ -26,12 +26,13 @@ import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import
org.springframework.security.access.vote.RoleHierarchyVoter
;
import
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
;
import
eu.dariah.de.dariahsp.authenticator.LocalUsernamePasswordAuthenticator
;
import
eu.dariah.de.dariahsp.authenticator.SamlProfileCreator
;
import
eu.dariah.de.dariahsp.authenticator.LocalProfileCreator
;
import
eu.dariah.de.dariahsp.config.model.RoleDefinition
;
import
eu.dariah.de.dariahsp.metadata.MetadataHelper
;
import
eu.dariah.de.dariahsp.saml.SAML2RequiredAttributeAuthenticator
;
import
eu.dariah.de.dariahsp.authentication.LocalUsernamePasswordAuthenticator
;
import
eu.dariah.de.dariahsp.authentication.SAMLRequiredAttributeAuthenticator
;
import
eu.dariah.de.dariahsp.config.local.LocalSecurity
;
import
eu.dariah.de.dariahsp.config.saml.SAMLSecurity
;
import
eu.dariah.de.dariahsp.helpers.SAMLMetadataHelper
;
import
eu.dariah.de.dariahsp.profilecreation.LocalProfileCreator
;
import
eu.dariah.de.dariahsp.profilecreation.SamlProfileCreator
;
import
eu.dariah.de.dariahsp.web.AuthInfoHelper
;
import
lombok.Data
;
import
lombok.extern.slf4j.Slf4j
;
...
...
@@ -43,8 +44,8 @@ import lombok.extern.slf4j.Slf4j;
@ConfigurationProperties
(
prefix
=
"auth"
)
@Import
({
ComponentConfig
.
class
,
AnnotationConfig
.
class
})
public
class
SecurityConfig
{
private
final
LocalSecurity
Properties
local
=
new
LocalSecurity
Properties
();
private
final
S
amlProperties
saml
=
new
SamlProperties
();
private
final
LocalSecurity
local
=
new
LocalSecurity
();
private
final
S
AMLSecurity
saml
=
new
SAMLSecurity
();
private
String
salt
;
private
String
roleHierarchy
;
...
...
@@ -81,8 +82,8 @@ public class SecurityConfig {
}
@Bean
public
MetadataHelper
metadataHelper
()
{
return
new
MetadataHelper
();
public
SAML
MetadataHelper
metadataHelper
()
{
return
new
SAML
MetadataHelper
();
}
@Bean
...
...
@@ -159,7 +160,7 @@ public class SecurityConfig {
SAML2Client
c
=
new
SAML2Client
(
cfg
);
c
.
setName
(
saml
.
getAuthorizerName
());
c
.
setProfileCreator
(
saml2ProfileCreator
());
c
.
setAuthenticator
(
new
SAML
2
RequiredAttributeAuthenticator
(
cfg
.
getAttributeAsId
(),
cfg
.
getMappedAttributes
(),
saml
.
getSp
()));
c
.
setAuthenticator
(
new
SAMLRequiredAttributeAuthenticator
(
cfg
.
getAttributeAsId
(),
cfg
.
getMappedAttributes
(),
saml
.
getSp
()));
return
c
;
}
...
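Review bot: `private String salt;` is bound from the `auth` prefix, and if this class carries the imported `lombok.Data` (the annotation would sit above the hunk, so I cannot confirm it) the generated `toString()` prints the salt whenever the configuration object is logged; `@ToString.Exclude private String salt;` keeps it out. The renamed `metadataHelper()` bean and the `SAMLRequiredAttributeAuthenticator` wiring in the SAML2Client hunk read consistently with the renamed types. The class's opening annotations and the method that builds the `SAML2Client` both start outside their hunks.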
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/LocalSecurity
Properties
.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/
local/
LocalSecurity.java
package
eu.dariah.de.dariahsp.config
;
package
eu.dariah.de.dariahsp.config
.local
;
import
eu.dariah.de.dariahsp.local.LocalUsers
;
import
lombok.Data
;
@Data
public
class
LocalSecurity
Properties
{
public
class
LocalSecurity
{
private
boolean
enabled
;
private
String
authorizerName
=
"local"
;
private
LocalUsers
[]
users
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/local/LocalUsers.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
config/
local/LocalUsers.java
package
eu.dariah.de.dariahsp.local
;
package
eu.dariah.de.dariahsp.
config.
local
;
import
java.util.Set
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/Attribute.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/
saml/
Attribute.java
package
eu.dariah.de.dariahsp.config
;
package
eu.dariah.de.dariahsp.config
.saml
;
import
lombok.Getter
;
import
lombok.Setter
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/ConditionalAttributeGroup.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/
saml/
ConditionalAttributeGroup.java
package
eu.dariah.de.dariahsp.config
;
package
eu.dariah.de.dariahsp.config
.saml
;
import
java.util.List
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/
S
aml
Properties
.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/
s
aml
/SAMLSecurity
.java
package
eu.dariah.de.dariahsp.config
;
package
eu.dariah.de.dariahsp.config
.saml
;
import
eu.dariah.de.dariahsp.config.model.SamlSpConfigProperties
;
import
lombok.Getter
;
import
lombok.Setter
;
@Getter
@Setter
public
class
S
amlProperties
{
public
class
S
AMLSecurity
{
private
boolean
enabled
=
true
;
private
String
authorizerName
=
"saml"
;
private
final
KeystoreProperties
keystore
=
new
KeystoreProperties
();
private
final
MetadataProperties
metadata
=
new
MetadataProperties
();
private
final
S
amlSpConfigProperties
sp
=
new
SamlSpConfigProperties
();
private
final
S
erviceProvider
sp
=
new
ServiceProvider
();
@Getter
@Setter
public
class
KeystoreProperties
{
...
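Review bot: `KeystoreProperties` is declared as a non-static inner class (`public class KeystoreProperties {`), so each instance carries a hidden reference to the enclosing `SAMLSecurity`; since the `keystore`, `metadata` and `sp` fields are pre-initialised, `public static class KeystoreProperties {` binds the same way and drops that reference, and the same presumably applies to `MetadataProperties`, which is outside the hunk. SAML defaults to `enabled = true` while the sibling `LocalSecurity` in this commit defaults to `false`; if that asymmetry is intended, a comment such as `// SAML is the default login path; local accounts must be enabled explicitly` would document it. The class body continues past the hunk.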
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/
model/SamlSpConfigProperties
.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/
saml/ServiceProvider
.java
package
eu.dariah.de.dariahsp.config.
mode
l
;
package
eu.dariah.de.dariahsp.config.
sam
l
;
import
java.time.Duration
;
import
java.util.ArrayList
;
...
...
@@ -12,14 +12,12 @@ import org.apache.http.client.HttpClient;
import
org.opensaml.saml.common.xml.SAMLConstants
;
import
org.pac4j.saml.util.SAML2HttpClientBuilder
;
import
eu.dariah.de.dariahsp.config.Attribute
;
import
eu.dariah.de.dariahsp.config.ConditionalAttributeGroup
;
import
lombok.Getter
;
import
lombok.Setter
;
@Getter
@Setter
public
class
S
amlSpConfigProperties
{
public
class
S
erviceProvider
{
private
String
metadataResource
;
private
boolean
generateIfNotExists
;
private
int
maxAuthAge
=
3600
;
...
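Review bot: `private int maxAuthAge = 3600;` carries no unit and the renamed public class has no Javadoc; if this value feeds the SAML client's maximum authentication lifetime, as the name suggests, `private int maxAuthAge = 3600; // seconds — TODO confirm this maps to the SAML2 maximumAuthenticationLifetime` would save the next reader a lookup. `generateIfNotExists` and `metadataResource` appear to work together, and a one-line comment on which of them wins when the resource already exists would help operators configuring the SP. The class body continues outside the hunk.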
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/web/AuthInfoConfigurer.java
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
metadata/
MetadataHelper.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
helpers/SAML
MetadataHelper.java
package
eu.dariah.de.dariahsp.
metadata
;
package
eu.dariah.de.dariahsp.
helpers
;
import
java.io.IOException
;
import
java.io.InputStreamReader
;
...
...
@@ -14,12 +14,11 @@ import org.springframework.beans.factory.annotation.Autowired;
import
org.springframework.core.io.Resource
;
import
org.springframework.util.FileCopyUtils
;
import
eu.dariah.de.dariahsp.Constants
;
import
eu.dariah.de.dariahsp.config.SecurityConfig
;
import
lombok.extern.slf4j.Slf4j
;
@Slf4j
public
class
MetadataHelper
implements
InitializingBean
{
public
class
SAML
MetadataHelper
implements
InitializingBean
{
@Autowired
private
SecurityConfig
securityConfig
;
@Autowired
private
Config
config
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/model/ExtendedUserProfile.java
...
...
@@ -8,7 +8,6 @@ import org.pac4j.core.util.CommonHelper;
import
lombok.Data
;
import
lombok.EqualsAndHashCode
;
import
lombok.NoArgsConstructor
;
import
lombok.ToString
;
@Data
@NoArgsConstructor
...
...
@@ -34,18 +33,10 @@ public class ExtendedUserProfile extends CommonProfile {
this
.
setLinkedId
(
profile
.
getLinkedId
());
}
public
UserImpl
toUser
()
{
UserImpl
user
=
new
UserImpl
();
// TODO: Complete this...
user
.
setUsername
(
this
.
getUsername
());
return
user
;
}
@Override
public
String
toString
()
{
return
CommonHelper
.
toNiceString
(
this
.
getClass
(),
"id"
,
this
.
getId
(),
"level"
,
this
.
getLevel
(),
"attributes"
,
this
.
getAttributes
(),
"roles"
,
this
.
getRoles
(),
"externalRoles"
,
this
.
getExternalRoles
(),
"isRemembered"
,
this
.
isRemembered
(),
"clientName"
,
this
.
getClientName
());
}
}
\ No newline at end of file
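Review bot: The `toString()` override prints `this.getAttributes()`, and on a SAML profile those attributes typically carry personal data, so any log statement that formats the profile copies them into the logs; if this method survives the hunk (old and new lines are not distinguishable on this page), listing only the keys, `"attributes", this.getAttributes().keySet(),`, keeps the diagnostic value without the values. `toUser()` copies only the username and is marked `// TODO: Complete this...`; if it is kept, the comment should name the `UserImpl` fields it leaves unset so callers know the object is partial. The constructor whose tail is visible at the top of the second hunk starts outside it.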
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
authenticator
/BaseProfileCreator.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
profilecreation
/BaseProfileCreator.java
package
eu.dariah.de.dariahsp.
authenticator
;
package
eu.dariah.de.dariahsp.
profilecreation
;
import
java.util.LinkedHashSet
;
import
java.util.List
;
import
java.util.Set
;
import
java.util.stream.Collectors
;
import
eu.dariah.de.dariahsp.config.
model.
RoleDefinition
;
import
eu.dariah.de.dariahsp.config.RoleDefinition
;
import
eu.dariah.de.dariahsp.model.ExtendedUserProfile
;
import
lombok.Data
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
authenticator
/LocalProfileCreator.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
profilecreation
/LocalProfileCreator.java
package
eu.dariah.de.dariahsp.
authenticator
;
package
eu.dariah.de.dariahsp.
profilecreation
;
import
java.util.Optional
;
import
org.pac4j.core.context.WebContext
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
authenticator
/SamlProfileCreator.java
→
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/
profilecreation
/SamlProfileCreator.java
package
eu.dariah.de.dariahsp.
authenticator
;
package
eu.dariah.de.dariahsp.
profilecreation
;
import
java.util.LinkedHashSet
;
import
java.util.List
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/web/AuthInfoHandlerInterceptor.java
...
...
@@ -8,7 +8,7 @@ import org.springframework.web.servlet.ModelAndView;
import
org.springframework.web.servlet.handler.HandlerInterceptorAdapter
;
import
org.springframework.web.servlet.support.RequestContextUtils
;
import
eu.dariah.de.dariahsp.model.
web.
AuthPojo
;
import
eu.dariah.de.dariahsp.
web.
model.AuthPojo
;
public
class
AuthInfoHandlerInterceptor
extends
HandlerInterceptorAdapter
{
private
AuthInfoHelper
authInfoHelper
;
...
...
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/web/AuthInfoHelper.java
...
...
@@ -6,8 +6,9 @@ import org.pac4j.core.context.JEEContext;
import
org.pac4j.core.profile.ProfileManager
;
import
org.pac4j.core.util.Pac4jConstants
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
eu.dariah.de.dariahsp.model.ExtendedUserProfile
;
import
eu.dariah.de.dariahsp.model.
web.
AuthPojo
;
import
eu.dariah.de.dariahsp.
web.
model.AuthPojo
;
import
lombok.extern.slf4j.Slf4j
;
@Slf4j
...
...
@@ -54,7 +55,6 @@ public class AuthInfoHelper {
pojo
.
setLevel
(
profile
.
getLevel
());
pojo
.
setUserId
(
profile
.
getId
());
pojo
.
setSessionId
(
this
.
getOrCreateSessionId
());
pojo
.
setExternalRoles
(
profile
.
getExternalRoles
());
}
return
pojo
;
}
...
...
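Review bot: `pojo.setSessionId(this.getOrCreateSessionId());` copies the HTTP session identifier into the AuthPojo that, per the README in this commit, AuthInfoHandlerInterceptor adds to every model, so a template that renders the pojo exposes the session id to page scripts and undoes the protection an HttpOnly cookie gives. The second hunk drops one line and the page does not show which; if the session-id line is the one removed, this is already addressed, otherwise consider dropping it or replacing it with a non-secret value. `getOrCreateSessionId()` by its name also creates a session for every caller, which deserves a comment if that is intended. The enclosing method starts outside the hunk.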