8: Allow custom context path in web application

Task-Url: #8

dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/SecurityConfig.java

@@ -7,6 +7,9 @@ import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
+
+import javax.servlet.ServletContext;
+
 import org.pac4j.core.client.Client;
 import org.pac4j.core.client.Clients;
 import org.pac4j.core.config.Config;
@@ -17,6 +20,8 @@ import org.pac4j.saml.config.SAML2Configuration;
 import org.pac4j.saml.credentials.SAML2Credentials;
 import org.pac4j.springframework.annotation.AnnotationConfig;
 import org.pac4j.springframework.component.ComponentConfig;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
@@ -49,7 +54,9 @@ public class SecurityConfig {
 	private String roleHierarchy;
 	private final List<RoleDefinition> roleDefinitions;
 	private String baseUrl = "http://localhost:8080";
-	
+	private String defaultLoginUrl = baseUrl;
+	private String defaultLogoutUrl = baseUrl;
+		
 	@Bean
 	public Optional<LocalUsernamePasswordAuthenticator> localUsernamePasswordAuthenticator() {
 		if (!local.isEnabled()) {
@@ -104,7 +111,7 @@ public class SecurityConfig {
 		if (formClient.isPresent()) {
 			formClient.get().setProfileCreator(localProfileCreator());
 			clients.add(formClient.get());
-		}        
+		}
         return new Config(new Clients(baseUrl().getAbsoluteUrl("/callback"), clients));
 	}
 	
@@ -155,10 +162,10 @@ public class SecurityConfig {
         return Optional.of(c);	
 	}
 	
-	private Optional<FormClient> getFormClient() {
+	private Optional<FormClient> getFormClient() throws URISyntaxException {
 		Optional<LocalUsernamePasswordAuthenticator> localUsernamePasswordAuthenticator = localUsernamePasswordAuthenticator();
 		if (localUsernamePasswordAuthenticator.isPresent()) {
-			FormClient c = new FormClient("/login", localUsernamePasswordAuthenticator.get());
+			FormClient c = new FormClient(baseUrl().getAbsoluteUrl("/login"), localUsernamePasswordAuthenticator.get());
 			c.setName(local.getAuthorizerName());
 			return Optional.of(c);
 		}

dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/web/DefaultFiltersConfigurerAdapter.java

@@ -5,27 +5,35 @@ import java.util.List;
 import org.pac4j.springframework.security.web.CallbackFilter;
 import org.pac4j.springframework.security.web.LogoutFilter;
 import org.pac4j.springframework.security.web.Pac4jEntryPoint;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
+import eu.dariah.de.dariahsp.config.SecurityConfig;
+
 public class DefaultFiltersConfigurerAdapter extends BaseSecurityConfigurerAdapter {
-    
+    @Autowired private SecurityConfig securityConfig;
+	
+	
     @Override
     protected void configure(final HttpSecurity http) throws Exception {
     	List<String> enabledClientNames = this.getEnabledClientNames();
     	
         final CallbackFilter callbackFilter = new CallbackFilter(config);
-        callbackFilter.setMultiProfile(true);
-
+        callbackFilter.setMultiProfile(false);
+        callbackFilter.setDefaultUrl(securityConfig.getDefaultLoginUrl());
+        
         final LogoutFilter logoutFilter = new LogoutFilter(config, "/?defaulturlafterlogout");
         logoutFilter.setDestroySession(true);
         logoutFilter.setSuffix("/logout");
+        logoutFilter.setDefaultUrl(securityConfig.getDefaultLogoutUrl());
 
         final LogoutFilter centralLogoutFilter = new LogoutFilter(config, baseUrl.getAbsoluteUrl("/?defaulturlafterlogoutafteridp"));
-        centralLogoutFilter.setLocalLogout(false);
+        centralLogoutFilter.setLocalLogout(true);
         centralLogoutFilter.setCentralLogout(true);
         centralLogoutFilter.setLogoutUrlPattern(baseUrl.getAbsoluteUrl("/.*"));
         centralLogoutFilter.setSuffix("/centralLogout");
+        centralLogoutFilter.setDefaultUrl(securityConfig.getDefaultLogoutUrl());
 
         http.authorizeRequests().anyRequest().permitAll();
         

dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/web/SecurityConfigurerAdapter.java

@@ -21,7 +21,7 @@ public class SecurityConfigurerAdapter extends BaseSecurityConfigurerAdapter {
     protected void configure(final HttpSecurity http) throws Exception {
     	List<String> enabledClientNames = this.getEnabledClientNames();
     	final SecurityFilter filter = new SecurityFilter(config, enabledClientNames.stream().collect(Collectors.joining(",")));
-
+    	
         http
         	/*.requestMatchers()
         		.antMatchers("/saml/**", "/form/**")

dariahsp-core/src/main/resources/config.sample.yml

 # Config options of the dariahsp core library
 # Commented properties reflect default values
 auth:
-  #baseUrl: https://c105-229.cloud.gwdg.de/dme
+  #baseUrl: ${baseUrl}
+  #defaultLoginUrl: ${auth.baseUrl}
+  #defaultLogoutUrl: ${auth.baseUrl}
   salt: Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9
   rolehierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
   roleDefinitions:

dariahsp-sample-boot/src/main/java/eu/dariah/de/dariahsp/sample/config/SampleConfig.java

 package eu.dariah.de.dariahsp.sample.config;
 
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.web.server.WebServerFactoryCustomizer;
+import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 
 import eu.dariah.de.dariahsp.config.SecurityConfig;
 import eu.dariah.de.dariahsp.config.web.AuthInfoConfigurer;
+import lombok.Data;
+import lombok.extern.slf4j.Slf4j;
 
+@Data
+@Slf4j
 @Configuration
+@ConfigurationProperties
 @Import({SecurityConfig.class, AuthInfoConfigurer.class})
 public class SampleConfig {
 	
+	private String contextPath = "/";
 	
+	@Bean
+	public WebServerFactoryCustomizer<ConfigurableServletWebServerFactory> webServerFactoryCustomizer() {
+		log.info("Web server context path set to {}", contextPath);
+	    return factory -> factory.setContextPath(contextPath);
+	}
 }

dariahsp-sample-boot/src/main/resources/application.yml

+contextPath: /dme
+baseUrl: http://localhost:8080${contextPath:/}
+
 spring:
   mvc:
     view:
@@ -9,7 +12,9 @@ logging:
     web: DEBUG
 
 auth:
-  #baseUrl: https://c105-229.cloud.gwdg.de/dme
+  baseUrl: ${baseUrl}
+  defaultLoginUrl: ${auth.baseUrl}
+  defaultLogoutUrl: ${auth.baseUrl}
   salt: Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9
   rolehierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
   roleDefinitions:

dariahsp-sample-boot/src/main/webapp/WEB-INF/views/index.jsp

 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="s" uri="http://www.springframework.org/tags" %>
 <!DOCTYPE HTML>
 <html>
 <head>
@@ -26,21 +27,21 @@
 	<b>Local logins enabled</b>: ${localEnabled}<br />
 	<b>SAML enabled</b>: ${samlEnabled}
 	<h2>Pages</h2>
-	<a href="/">Unprotected base url</a><br />
-	<a href="/protected/authenticated">Protected url: authentication required</a><br />
-	<a href="/method/contributor">Protected url: CONTRIBUTOR role or higher required (method annotation)</a><br />
-	<a href="/protected/contributor">Protected url: CONTRIBUTOR role or higher required (security config)</a><br />
-	<a href="/protected/admin">Protected url: ADMINISTRATOR role required</a><br />
-	<a href="/blocked/noaccess">Blocked url: no access allowed</a><br />
+	<a href="<s:url value="/" />">Unprotected base url</a><br />
+	<a href="<s:url value="/protected/authenticated" />">Protected url: authentication required</a><br />
+	<a href="<s:url value="/method/contributor" />">Protected url: CONTRIBUTOR role or higher required (method annotation)</a><br />
+	<a href="<s:url value="/protected/contributor" />">Protected url: CONTRIBUTOR role or higher required (security config)</a><br />
+	<a href="<s:url value="/protected/admin" />">Protected url: ADMINISTRATOR role required</a><br />
+	<a href="<s:url value="/blocked/noaccess" />">Blocked url: no access allowed</a><br />
 	<br />
 	
 	<h2>Login/Logout</h2>
-	<a href="/logout?url=/?forcepostlogouturl">logout</a><br />
-	<a href="/logout?url=/?forcepostlogouturl">pac4j local logout</a><br />
-	<a href="/centralLogout?url=/?forcepostlogouturlafteridp">pac4j central local logout</a>
+	<a href="<s:url value="/logout?url=/?forcepostlogouturl" />">logout</a><br />
+	<a href="<s:url value="/logout?url=/?forcepostlogouturl" />">pac4j local logout</a><br />
+	<a href="<s:url value="/centralLogout?url=/?forcepostlogouturlafteridp" />">pac4j central local logout</a>
 	<br />
-	<a href="/forceLogin?client_name=saml">Force SAML login</a> (even if already authenticated)<br />
-	<a href="/forceLogin?client_name=local">Force local login</a> (even if already authenticated)<br />
+	<a href="<s:url value="/forceLogin?client_name=saml" />">Force SAML login</a> (even if already authenticated)<br />
+	<a href="<s:url value="/forceLogin?client_name=local" />">Force local login</a> (even if already authenticated)<br />
 	<br /><br />
 </body>
 </html>
\ No newline at end of file