11: Reorganize and refactor core

Task-Url: #11

11: Reorganize and refactor core
Task-Url: #11
781bff81 · Gradl, Tobias · 250d3274 · 781bff81 · 781bff81 · 781bff81
Commit 781bff81 authored Nov 09, 2020 by Gradl, Tobias
--- a/README.md
+++ b/README.md
 Complete rewrite of the DARIAH-SP sample app and libraries (v2.0-dev)

 The former and still used libraries are tagged as v1.4 and discontinued
+
+
+## Important entry points
+
+* Enable configuration in SecurityConfig
+* SAMLMetadataController allows web access to SAML metadata
+* AuthInfoHandlerInterceptor puts auth information in every model (through AuthInfoConfigurer)
+* DefaultFiltersConfigurerAdapter for central logout and callback
+* GlobalMethodSecurityConfig for method security (annotations)
+* SecurityConfigurerAdapter for path and expression based security
\ No newline at end of file
--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/local/BCryptPasswordCreator.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/local/BCryptPasswordCreator.java
-package eu.dariah.de.dariahsp.local;
+package eu.dariah.de.dariahsp;

 import java.util.Scanner;

@@ -6,8 +6,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

 public class BCryptPasswordCreator {

-	private static BCryptPasswordEncoder encoder;
-	
 	public static void main(String[] args) {
 		Scanner scanner = new Scanner (System.in);
 		System.out.println("CLI Tool to create BCrypt passwords to be used with a dariahsp derived application");
@@ -35,16 +33,13 @@ public class BCryptPasswordCreator {
 			if (input.length()<6) {
 				System.out.println("Password too short");
 			} else {
-				encoder = new BCryptPasswordEncoder(rounds, null);
+				final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(rounds, null);
 				
 				System.out.println("BCrypt computation successful:");
 				System.out.println(encoder.encode(input));
 				computed = true;
 			}
 		}
-
 		scanner.close();
-		scanner = null;
 	}
-
 }
\ No newline at end of file
--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/authenticator/LocalUsernamePasswordAuthenticator.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/authenticator/LocalUsernamePasswordAuthenticator.java
-package eu.dariah.de.dariahsp.authenticator;
+package eu.dariah.de.dariahsp.authentication;

 import java.util.ArrayList;

@@ -14,7 +14,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;

-import eu.dariah.de.dariahsp.local.LocalUsers;
+import eu.dariah.de.dariahsp.config.local.LocalUsers;
 import eu.dariah.de.dariahsp.model.RoleImpl;
 import eu.dariah.de.dariahsp.model.UserImpl;
 import lombok.Getter;

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/saml/SAML2RequiredAttributeAuthenticator.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/saml/SAML2RequiredAttributeAuthenticator.java
-package eu.dariah.de.dariahsp.saml;
+package eu.dariah.de.dariahsp.authentication;

 import java.util.List;
 import java.util.Map;

 import org.pac4j.core.context.WebContext;
-import org.pac4j.core.exception.CredentialsException;
 import org.pac4j.saml.credentials.SAML2Credentials;
 import org.pac4j.saml.credentials.SAML2Credentials.SAMLAttribute;
 import org.pac4j.saml.credentials.authenticator.SAML2Authenticator;

 import eu.dariah.de.dariahsp.Constants.REQUIRED_ATTRIBUTE_CHECKLOGIC;
-import eu.dariah.de.dariahsp.config.Attribute;
-import eu.dariah.de.dariahsp.config.ConditionalAttributeGroup;
-import eu.dariah.de.dariahsp.config.model.SamlSpConfigProperties;
+import eu.dariah.de.dariahsp.config.saml.Attribute;
+import eu.dariah.de.dariahsp.config.saml.ConditionalAttributeGroup;
+import eu.dariah.de.dariahsp.config.saml.ServiceProvider;
 import eu.dariah.de.dariahsp.error.RequiredAttributesException;
 import lombok.extern.slf4j.Slf4j;

 @Slf4j
-public class SAML2RequiredAttributeAuthenticator extends SAML2Authenticator {
+public class SAMLRequiredAttributeAuthenticator extends SAML2Authenticator {

-	private final SamlSpConfigProperties spConfigProperties;
+	private final ServiceProvider spConfigProperties;
 	
-	public SAML2RequiredAttributeAuthenticator(String attributeAsId, SamlSpConfigProperties spConfigProperties) {
+	public SAMLRequiredAttributeAuthenticator(String attributeAsId, ServiceProvider spConfigProperties) {
 		super(attributeAsId);
 		this.spConfigProperties = spConfigProperties;
 	}
 	
-    public SAML2RequiredAttributeAuthenticator(final String attributeAsId, final Map<String, String> mappedAttributes, SamlSpConfigProperties spConfigProperties) {
+    public SAMLRequiredAttributeAuthenticator(final String attributeAsId, final Map<String, String> mappedAttributes, ServiceProvider spConfigProperties) {
    	super(attributeAsId, mappedAttributes);
    	this.spConfigProperties = spConfigProperties;
    }
@@ -65,9 +64,6 @@ public class SAML2RequiredAttributeAuthenticator extends SAML2Authenticator {
 							break;
 						}
 					}
-					
-					// TODO: Value checks
-					
 					if (!match && attrGroup.getCheck().equals(REQUIRED_ATTRIBUTE_CHECKLOGIC.AND)) {
 						return false;
 					}

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/model/RoleDefinition.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/model/RoleDefinition.java
-package eu.dariah.de.dariahsp.config.model;
+package eu.dariah.de.dariahsp.config;

 import java.util.Map;
 import java.util.Set;

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/SecurityConfig.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/SecurityConfig.java
@@ -26,12 +26,13 @@ import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
 import org.springframework.security.access.vote.RoleHierarchyVoter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

-import eu.dariah.de.dariahsp.authenticator.LocalUsernamePasswordAuthenticator;
-import eu.dariah.de.dariahsp.authenticator.SamlProfileCreator;
-import eu.dariah.de.dariahsp.authenticator.LocalProfileCreator;
-import eu.dariah.de.dariahsp.config.model.RoleDefinition;
-import eu.dariah.de.dariahsp.metadata.MetadataHelper;
-import eu.dariah.de.dariahsp.saml.SAML2RequiredAttributeAuthenticator;
+import eu.dariah.de.dariahsp.authentication.LocalUsernamePasswordAuthenticator;
+import eu.dariah.de.dariahsp.authentication.SAMLRequiredAttributeAuthenticator;
+import eu.dariah.de.dariahsp.config.local.LocalSecurity;
+import eu.dariah.de.dariahsp.config.saml.SAMLSecurity;
+import eu.dariah.de.dariahsp.helpers.SAMLMetadataHelper;
+import eu.dariah.de.dariahsp.profilecreation.LocalProfileCreator;
+import eu.dariah.de.dariahsp.profilecreation.SamlProfileCreator;
 import eu.dariah.de.dariahsp.web.AuthInfoHelper;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
@@ -43,8 +44,8 @@ import lombok.extern.slf4j.Slf4j;
 @ConfigurationProperties(prefix = "auth")
 @Import({ComponentConfig.class, AnnotationConfig.class})
 public class SecurityConfig {
-	private final LocalSecurityProperties local = new LocalSecurityProperties();
-	private final SamlProperties saml = new SamlProperties();
+	private final LocalSecurity local = new LocalSecurity();
+	private final SAMLSecurity saml = new SAMLSecurity();

 	private String salt;
 	private String roleHierarchy;
@@ -81,8 +82,8 @@ public class SecurityConfig {
 	}
 	
 	@Bean
-	public MetadataHelper metadataHelper() {
-		return new MetadataHelper();
+	public SAMLMetadataHelper metadataHelper() {
+		return new SAMLMetadataHelper();
 	}
 	
 	@Bean
@@ -159,7 +160,7 @@ public class SecurityConfig {
        SAML2Client c = new SAML2Client(cfg);
        c.setName(saml.getAuthorizerName());
        c.setProfileCreator(saml2ProfileCreator());
-        c.setAuthenticator(new SAML2RequiredAttributeAuthenticator(cfg.getAttributeAsId(), cfg.getMappedAttributes(), saml.getSp()));
+        c.setAuthenticator(new SAMLRequiredAttributeAuthenticator(cfg.getAttributeAsId(), cfg.getMappedAttributes(), saml.getSp()));
                
        return c;
 	}

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/LocalSecurityProperties.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/LocalSecurityProperties.java
-package eu.dariah.de.dariahsp.config;
+package eu.dariah.de.dariahsp.config.local;

-import eu.dariah.de.dariahsp.local.LocalUsers;
 import lombok.Data;

 @Data
-public class LocalSecurityProperties {
+public class LocalSecurity {
 	private boolean enabled;
 	private String authorizerName = "local";
 	private LocalUsers[] users;

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/local/LocalUsers.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/local/LocalUsers.java
-package eu.dariah.de.dariahsp.local;
+package eu.dariah.de.dariahsp.config.local;

 import java.util.Set;


--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/Attribute.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/Attribute.java
-package eu.dariah.de.dariahsp.config;
+package eu.dariah.de.dariahsp.config.saml;

 import lombok.Getter;
 import lombok.Setter;

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/ConditionalAttributeGroup.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/ConditionalAttributeGroup.java
-package eu.dariah.de.dariahsp.config;
+package eu.dariah.de.dariahsp.config.saml;

 import java.util.List;


--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/SamlProperties.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/SamlProperties.java
-package eu.dariah.de.dariahsp.config;
+package eu.dariah.de.dariahsp.config.saml;

-import eu.dariah.de.dariahsp.config.model.SamlSpConfigProperties;
 import lombok.Getter;
 import lombok.Setter;

 @Getter @Setter
-public class SamlProperties {
+public class SAMLSecurity {
 	private boolean enabled = true;
 	private String authorizerName = "saml";
 	private final KeystoreProperties keystore = new KeystoreProperties();
 	private final MetadataProperties metadata = new MetadataProperties();
-	private final SamlSpConfigProperties sp = new SamlSpConfigProperties();
+	private final ServiceProvider sp = new ServiceProvider();
 	
 	@Getter @Setter
 	public class KeystoreProperties {

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/model/SamlSpConfigProperties.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/model/SamlSpConfigProperties.java
-package eu.dariah.de.dariahsp.config.model;
+package eu.dariah.de.dariahsp.config.saml;

 import java.time.Duration;
 import java.util.ArrayList;
@@ -12,14 +12,12 @@ import org.apache.http.client.HttpClient;
 import org.opensaml.saml.common.xml.SAMLConstants;
 import org.pac4j.saml.util.SAML2HttpClientBuilder;

-import eu.dariah.de.dariahsp.config.Attribute;
-import eu.dariah.de.dariahsp.config.ConditionalAttributeGroup;
 import lombok.Getter;
 import lombok.Setter;

 @Getter 
 @Setter
-public class SamlSpConfigProperties {
+public class ServiceProvider {
 	private String metadataResource;
 	private boolean generateIfNotExists;
 	private int maxAuthAge = 3600;

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/web/AuthInfoConfigurer.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/web/AuthInfoConfigurer.java
--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/metadata/MetadataHelper.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/metadata/MetadataHelper.java
-package eu.dariah.de.dariahsp.metadata;
+package eu.dariah.de.dariahsp.helpers;

 import java.io.IOException;
 import java.io.InputStreamReader;
@@ -14,12 +14,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.Resource;
 import org.springframework.util.FileCopyUtils;

-import eu.dariah.de.dariahsp.Constants;
 import eu.dariah.de.dariahsp.config.SecurityConfig;
 import lombok.extern.slf4j.Slf4j;

 @Slf4j
-public class MetadataHelper implements InitializingBean {	
+public class SAMLMetadataHelper implements InitializingBean {	
 	
 	@Autowired private SecurityConfig securityConfig;
 	@Autowired private Config config;

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/model/ExtendedUserProfile.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/model/ExtendedUserProfile.java
@@ -8,7 +8,6 @@ import org.pac4j.core.util.CommonHelper;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.NoArgsConstructor;
-import lombok.ToString;

 @Data
 @NoArgsConstructor
@@ -34,18 +33,10 @@ public class ExtendedUserProfile extends CommonProfile {
 		this.setLinkedId(profile.getLinkedId());
 	}
    
-    public UserImpl toUser() {
-    	UserImpl user = new UserImpl();
-    	// TODO: Complete this...
-    	user.setUsername(this.getUsername());
-    	return user;
-    } 
-    
    @Override
    public String toString() {
        return CommonHelper.toNiceString(this.getClass(), "id", this.getId(), "level", this.getLevel(), 
        		"attributes", this.getAttributes(), "roles", this.getRoles(), "externalRoles", this.getExternalRoles(), 
        		"isRemembered", this.isRemembered(), "clientName", this.getClientName());
    }
-	
 }
\ No newline at end of file
--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/authenticator/BaseProfileCreator.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/authenticator/BaseProfileCreator.java
-package eu.dariah.de.dariahsp.authenticator;
+package eu.dariah.de.dariahsp.profilecreation;

 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;

-import eu.dariah.de.dariahsp.config.model.RoleDefinition;
+import eu.dariah.de.dariahsp.config.RoleDefinition;
 import eu.dariah.de.dariahsp.model.ExtendedUserProfile;
 import lombok.Data;


--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/authenticator/LocalProfileCreator.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/authenticator/LocalProfileCreator.java
-package eu.dariah.de.dariahsp.authenticator;
+package eu.dariah.de.dariahsp.profilecreation;

 import java.util.Optional;
 import org.pac4j.core.context.WebContext;

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/authenticator/SamlProfileCreator.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/authenticator/SamlProfileCreator.java
-package eu.dariah.de.dariahsp.authenticator;
+package eu.dariah.de.dariahsp.profilecreation;

 import java.util.LinkedHashSet;
 import java.util.List;

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/web/AuthInfoHandlerInterceptor.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/web/AuthInfoHandlerInterceptor.java
@@ -8,7 +8,7 @@ import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 import org.springframework.web.servlet.support.RequestContextUtils;

-import eu.dariah.de.dariahsp.model.web.AuthPojo;
+import eu.dariah.de.dariahsp.web.model.AuthPojo;

 public class AuthInfoHandlerInterceptor extends HandlerInterceptorAdapter {
 	private AuthInfoHelper authInfoHelper;

--- a/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/web/AuthInfoHelper.java
+++ b/dariahsp-core/src/main/java/eu/dariah/de/dariahsp/web/AuthInfoHelper.java
@@ -6,8 +6,9 @@ import org.pac4j.core.context.JEEContext;
 import org.pac4j.core.profile.ProfileManager;
 import org.pac4j.core.util.Pac4jConstants;
 import org.springframework.beans.factory.annotation.Autowired;
+
 import eu.dariah.de.dariahsp.model.ExtendedUserProfile;
-import eu.dariah.de.dariahsp.model.web.AuthPojo;
+import eu.dariah.de.dariahsp.web.model.AuthPojo;
 import lombok.extern.slf4j.Slf4j;

 @Slf4j
@@ -54,7 +55,6 @@ public class AuthInfoHelper {
 			pojo.setLevel(profile.getLevel());
 			pojo.setUserId(profile.getId());
 			pojo.setSessionId(this.getOrCreateSessionId());
-			pojo.setExternalRoles(profile.getExternalRoles());
 		}
 		return pojo;
 	}