Commit 781bff81 authored by Gradl, Tobias's avatar Gradl, Tobias

11: Reorganize and refactor core

Task-Url: #11
parent 250d3274
Pipeline #17794 passed with stage
in 1 minute and 54 seconds
Complete rewrite of the DARIAH-SP sample app and libraries (v2.0-dev)
The former and still used libraries are tagged as v1.4 and discontinued
## Important entry points
* Enable configuration in SecurityConfig
* SAMLMetadataController allows web access to SAML metadata
* AuthInfoHandlerInterceptor puts auth information in every model (through AuthInfoConfigurer)
* DefaultFiltersConfigurerAdapter for central logout and callback
* GlobalMethodSecurityConfig for method security (annotations)
* SecurityConfigurerAdapter for path and expression based security
\ No newline at end of file
package eu.dariah.de.dariahsp.local;
package eu.dariah.de.dariahsp;
import java.util.Scanner;
......@@ -6,8 +6,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
public class BCryptPasswordCreator {
private static BCryptPasswordEncoder encoder;
public static void main(String[] args) {
Scanner scanner = new Scanner (System.in);
System.out.println("CLI Tool to create BCrypt passwords to be used with a dariahsp derived application");
......@@ -35,16 +33,13 @@ public class BCryptPasswordCreator {
if (input.length()<6) {
System.out.println("Password too short");
} else {
encoder = new BCryptPasswordEncoder(rounds, null);
final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(rounds, null);
System.out.println("BCrypt computation successful:");
System.out.println(encoder.encode(input));
computed = true;
}
}
scanner.close();
scanner = null;
}
}
\ No newline at end of file
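Review bot: `scanner = null;` after `scanner.close();` at the end of main is a dead assignment now that the method holds no state in a static field any more; declaring the scanner in a try-with-resources block removes both lines and also closes it on the exception path. Something like `try (Scanner scanner = new Scanner(System.in)) { ... }` around the prompt loop would do. The loop body that reads `input` starts outside this hunk; the `encoder` is now correctly a local created per iteration with `BCryptPasswordEncoder(rounds, null)`, where the null presumably lets the encoder create its own SecureRandom, which is fine for a CLI tool.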
package eu.dariah.de.dariahsp.authenticator;
package eu.dariah.de.dariahsp.authentication;
import java.util.ArrayList;
......@@ -14,7 +14,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import eu.dariah.de.dariahsp.local.LocalUsers;
import eu.dariah.de.dariahsp.config.local.LocalUsers;
import eu.dariah.de.dariahsp.model.RoleImpl;
import eu.dariah.de.dariahsp.model.UserImpl;
import lombok.Getter;
......
package eu.dariah.de.dariahsp.saml;
package eu.dariah.de.dariahsp.authentication;
import java.util.List;
import java.util.Map;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.pac4j.saml.credentials.SAML2Credentials.SAMLAttribute;
import org.pac4j.saml.credentials.authenticator.SAML2Authenticator;
import eu.dariah.de.dariahsp.Constants.REQUIRED_ATTRIBUTE_CHECKLOGIC;
import eu.dariah.de.dariahsp.config.Attribute;
import eu.dariah.de.dariahsp.config.ConditionalAttributeGroup;
import eu.dariah.de.dariahsp.config.model.SamlSpConfigProperties;
import eu.dariah.de.dariahsp.config.saml.Attribute;
import eu.dariah.de.dariahsp.config.saml.ConditionalAttributeGroup;
import eu.dariah.de.dariahsp.config.saml.ServiceProvider;
import eu.dariah.de.dariahsp.error.RequiredAttributesException;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class SAML2RequiredAttributeAuthenticator extends SAML2Authenticator {
public class SAMLRequiredAttributeAuthenticator extends SAML2Authenticator {
private final SamlSpConfigProperties spConfigProperties;
private final ServiceProvider spConfigProperties;
public SAML2RequiredAttributeAuthenticator(String attributeAsId, SamlSpConfigProperties spConfigProperties) {
public SAMLRequiredAttributeAuthenticator(String attributeAsId, ServiceProvider spConfigProperties) {
super(attributeAsId);
this.spConfigProperties = spConfigProperties;
}
public SAML2RequiredAttributeAuthenticator(final String attributeAsId, final Map<String, String> mappedAttributes, SamlSpConfigProperties spConfigProperties) {
public SAMLRequiredAttributeAuthenticator(final String attributeAsId, final Map<String, String> mappedAttributes, ServiceProvider spConfigProperties) {
super(attributeAsId, mappedAttributes);
this.spConfigProperties = spConfigProperties;
}
......@@ -65,9 +64,6 @@ public class SAML2RequiredAttributeAuthenticator extends SAML2Authenticator {
break;
}
}
// TODO: Value checks
if (!match && attrGroup.getCheck().equals(REQUIRED_ATTRIBUTE_CHECKLOGIC.AND)) {
return false;
}
......
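Review bot: The removed `// TODO: Value checks` marker is the only change in the second hunk, yet the condition that follows still tests only `match`, i.e. attribute presence; if value checks have not been implemented elsewhere in the class, a required attribute carrying an empty or unexpected value still passes and the gap is no longer tracked. Keep the marker or state the presence-only contract in a comment on the method. Separately, `attrGroup.getCheck().equals(REQUIRED_ATTRIBUTE_CHECKLOGIC.AND)` throws a NullPointerException for a group whose check logic is unset; if REQUIRED_ATTRIBUTE_CHECKLOGIC is an enum, `attrGroup.getCheck() == REQUIRED_ATTRIBUTE_CHECKLOGIC.AND` is null-safe and reads the same. The enclosing method starts and ends outside the hunk.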
package eu.dariah.de.dariahsp.config.model;
package eu.dariah.de.dariahsp.config;
import java.util.Map;
import java.util.Set;
......
......@@ -26,12 +26,13 @@ import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.access.vote.RoleHierarchyVoter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import eu.dariah.de.dariahsp.authenticator.LocalUsernamePasswordAuthenticator;
import eu.dariah.de.dariahsp.authenticator.SamlProfileCreator;
import eu.dariah.de.dariahsp.authenticator.LocalProfileCreator;
import eu.dariah.de.dariahsp.config.model.RoleDefinition;
import eu.dariah.de.dariahsp.metadata.MetadataHelper;
import eu.dariah.de.dariahsp.saml.SAML2RequiredAttributeAuthenticator;
import eu.dariah.de.dariahsp.authentication.LocalUsernamePasswordAuthenticator;
import eu.dariah.de.dariahsp.authentication.SAMLRequiredAttributeAuthenticator;
import eu.dariah.de.dariahsp.config.local.LocalSecurity;
import eu.dariah.de.dariahsp.config.saml.SAMLSecurity;
import eu.dariah.de.dariahsp.helpers.SAMLMetadataHelper;
import eu.dariah.de.dariahsp.profilecreation.LocalProfileCreator;
import eu.dariah.de.dariahsp.profilecreation.SamlProfileCreator;
import eu.dariah.de.dariahsp.web.AuthInfoHelper;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
......@@ -43,8 +44,8 @@ import lombok.extern.slf4j.Slf4j;
@ConfigurationProperties(prefix = "auth")
@Import({ComponentConfig.class, AnnotationConfig.class})
public class SecurityConfig {
private final LocalSecurityProperties local = new LocalSecurityProperties();
private final SamlProperties saml = new SamlProperties();
private final LocalSecurity local = new LocalSecurity();
private final SAMLSecurity saml = new SAMLSecurity();
private String salt;
private String roleHierarchy;
......@@ -81,8 +82,8 @@ public class SecurityConfig {
}
@Bean
public MetadataHelper metadataHelper() {
return new MetadataHelper();
public SAMLMetadataHelper metadataHelper() {
return new SAMLMetadataHelper();
}
@Bean
......@@ -159,7 +160,7 @@ public class SecurityConfig {
SAML2Client c = new SAML2Client(cfg);
c.setName(saml.getAuthorizerName());
c.setProfileCreator(saml2ProfileCreator());
c.setAuthenticator(new SAML2RequiredAttributeAuthenticator(cfg.getAttributeAsId(), cfg.getMappedAttributes(), saml.getSp()));
c.setAuthenticator(new SAMLRequiredAttributeAuthenticator(cfg.getAttributeAsId(), cfg.getMappedAttributes(), saml.getSp()));
return c;
}
......
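Review bot: `private String salt;` in the `SecurityConfig` fields hunk is presumably bound from `auth.salt` given `@ConfigurationProperties(prefix = "auth")`, and the `lombok.Data` import suggests the class is `@Data`-annotated; if so, the generated `toString()` includes the salt and any debug log of the configuration prints it. Marking the field `@ToString.Exclude` keeps the value out of logs while leaving the accessors intact. The same consideration applies to any sensitive field in the nested `LocalSecurity` and `SAMLSecurity` holders should they receive a generated `toString()` as well. The class body continues outside the hunk.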
package eu.dariah.de.dariahsp.config;
package eu.dariah.de.dariahsp.config.local;
import eu.dariah.de.dariahsp.local.LocalUsers;
import lombok.Data;
@Data
public class LocalSecurityProperties {
public class LocalSecurity {
private boolean enabled;
private String authorizerName = "local";
private LocalUsers[] users;
......
package eu.dariah.de.dariahsp.config;
package eu.dariah.de.dariahsp.config.saml;
import lombok.Getter;
import lombok.Setter;
......
package eu.dariah.de.dariahsp.config;
package eu.dariah.de.dariahsp.config.saml;
import eu.dariah.de.dariahsp.config.model.SamlSpConfigProperties;
import lombok.Getter;
import lombok.Setter;
@Getter @Setter
public class SamlProperties {
public class SAMLSecurity {
private boolean enabled = true;
private String authorizerName = "saml";
private final KeystoreProperties keystore = new KeystoreProperties();
private final MetadataProperties metadata = new MetadataProperties();
private final SamlSpConfigProperties sp = new SamlSpConfigProperties();
private final ServiceProvider sp = new ServiceProvider();
@Getter @Setter
public class KeystoreProperties {
......
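Review bot: `KeystoreProperties` is declared as a non-static inner class at the end of the hunk, so each instance carries a hidden reference to its enclosing `SAMLSecurity`; for a plain properties holder that is created with `new KeystoreProperties()` in the field initialiser, `public static class KeystoreProperties` is the conventional form and binds the same way. The same presumably holds for `MetadataProperties`, whose declaration lies outside the hunk. The body of `SAMLSecurity` continues past the hunk.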
package eu.dariah.de.dariahsp.config.model;
package eu.dariah.de.dariahsp.config.saml;
import java.time.Duration;
import java.util.ArrayList;
......@@ -12,14 +12,12 @@ import org.apache.http.client.HttpClient;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.pac4j.saml.util.SAML2HttpClientBuilder;
import eu.dariah.de.dariahsp.config.Attribute;
import eu.dariah.de.dariahsp.config.ConditionalAttributeGroup;
import lombok.Getter;
import lombok.Setter;
@Getter
@Setter
public class SamlSpConfigProperties {
public class ServiceProvider {
private String metadataResource;
private boolean generateIfNotExists;
private int maxAuthAge = 3600;
......
package eu.dariah.de.dariahsp.metadata;
package eu.dariah.de.dariahsp.helpers;
import java.io.IOException;
import java.io.InputStreamReader;
......@@ -14,12 +14,11 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.Resource;
import org.springframework.util.FileCopyUtils;
import eu.dariah.de.dariahsp.Constants;
import eu.dariah.de.dariahsp.config.SecurityConfig;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class MetadataHelper implements InitializingBean {
public class SAMLMetadataHelper implements InitializingBean {
@Autowired private SecurityConfig securityConfig;
@Autowired private Config config;
......
......@@ -8,7 +8,6 @@ import org.pac4j.core.util.CommonHelper;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
import lombok.ToString;
@Data
@NoArgsConstructor
......@@ -34,18 +33,10 @@ public class ExtendedUserProfile extends CommonProfile {
this.setLinkedId(profile.getLinkedId());
}
public UserImpl toUser() {
UserImpl user = new UserImpl();
// TODO: Complete this...
user.setUsername(this.getUsername());
return user;
}
@Override
public String toString() {
return CommonHelper.toNiceString(this.getClass(), "id", this.getId(), "level", this.getLevel(),
"attributes", this.getAttributes(), "roles", this.getRoles(), "externalRoles", this.getExternalRoles(),
"isRemembered", this.isRemembered(), "clientName", this.getClientName());
}
}
\ No newline at end of file
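Review bot: If the `toString()` override at the end of the hunk survives this commit (the rendering does not show which of the lines after `toUser()` are removed), it serialises the full `attributes` map, so any log statement that prints a profile emits every attribute released by the identity provider, which typically includes name and e-mail. A `toString()` limited to `id`, `level`, `roles`, `externalRoles`, `clientName` and `isRemembered` keeps log lines useful without the personal data, and a one-line comment on the method saying that `attributes` is deliberately left out explains the omission to the next reader.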
package eu.dariah.de.dariahsp.authenticator;
package eu.dariah.de.dariahsp.profilecreation;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import eu.dariah.de.dariahsp.config.model.RoleDefinition;
import eu.dariah.de.dariahsp.config.RoleDefinition;
import eu.dariah.de.dariahsp.model.ExtendedUserProfile;
import lombok.Data;
......
package eu.dariah.de.dariahsp.authenticator;
package eu.dariah.de.dariahsp.profilecreation;
import java.util.Optional;
import org.pac4j.core.context.WebContext;
......
package eu.dariah.de.dariahsp.authenticator;
package eu.dariah.de.dariahsp.profilecreation;
import java.util.LinkedHashSet;
import java.util.List;
......
......@@ -8,7 +8,7 @@ import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.support.RequestContextUtils;
import eu.dariah.de.dariahsp.model.web.AuthPojo;
import eu.dariah.de.dariahsp.web.model.AuthPojo;
public class AuthInfoHandlerInterceptor extends HandlerInterceptorAdapter {
private AuthInfoHelper authInfoHelper;
......
......@@ -6,8 +6,9 @@ import org.pac4j.core.context.JEEContext;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.util.Pac4jConstants;
import org.springframework.beans.factory.annotation.Autowired;
import eu.dariah.de.dariahsp.model.ExtendedUserProfile;
import eu.dariah.de.dariahsp.model.web.AuthPojo;
import eu.dariah.de.dariahsp.web.model.AuthPojo;
import lombok.extern.slf4j.Slf4j;
@Slf4j
......@@ -54,7 +55,6 @@ public class AuthInfoHelper {
pojo.setLevel(profile.getLevel());
pojo.setUserId(profile.getId());
pojo.setSessionId(this.getOrCreateSessionId());
pojo.setExternalRoles(profile.getExternalRoles());
}
return pojo;
}
......
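Review bot: `pojo.setSessionId(this.getOrCreateSessionId());` in the second hunk copies the HTTP session identifier into the `AuthPojo`, and the commit description says the interceptor places that object into every model; if a template renders the pojo, or it is serialised into a JSON response, the session id becomes readable from page content, which is precisely what an HttpOnly session cookie is meant to prevent. If the id is only needed for diagnostics, a comment such as `// session id is for diagnostics only; views must not render it` plus a check of the templates would be worthwhile; otherwise prefer a derived, non-secret correlation value. The enclosing method begins outside the hunk.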