Commit b146719c authored by Gradl, Tobias's avatar Gradl, Tobias

8: Allow custom context path in web application

Task-Url: #8
parent 034603f7
Pipeline #17628 passed with stage
in 1 minute and 54 seconds
......@@ -7,6 +7,9 @@ import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import javax.servlet.ServletContext;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
......@@ -17,6 +20,8 @@ import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.pac4j.springframework.annotation.AnnotationConfig;
import org.pac4j.springframework.component.ComponentConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
......@@ -49,7 +54,9 @@ public class SecurityConfig {
private String roleHierarchy;
private final List<RoleDefinition> roleDefinitions;
private String baseUrl = "http://localhost:8080";
private String defaultLoginUrl = baseUrl;
private String defaultLogoutUrl = baseUrl;
@Bean
public Optional<LocalUsernamePasswordAuthenticator> localUsernamePasswordAuthenticator() {
if (!local.isEnabled()) {
......@@ -104,7 +111,7 @@ public class SecurityConfig {
if (formClient.isPresent()) {
formClient.get().setProfileCreator(localProfileCreator());
clients.add(formClient.get());
}
}
return new Config(new Clients(baseUrl().getAbsoluteUrl("/callback"), clients));
}
......@@ -155,10 +162,10 @@ public class SecurityConfig {
return Optional.of(c);
}
private Optional<FormClient> getFormClient() {
private Optional<FormClient> getFormClient() throws URISyntaxException {
Optional<LocalUsernamePasswordAuthenticator> localUsernamePasswordAuthenticator = localUsernamePasswordAuthenticator();
if (localUsernamePasswordAuthenticator.isPresent()) {
FormClient c = new FormClient("/login", localUsernamePasswordAuthenticator.get());
FormClient c = new FormClient(baseUrl().getAbsoluteUrl("/login"), localUsernamePasswordAuthenticator.get());
c.setName(local.getAuthorizerName());
return Optional.of(c);
}
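Review bot: `defaultLoginUrl` and `defaultLogoutUrl` are assigned from `baseUrl` in field initialisers, so they capture the literal `http://localhost:8080` when the object is constructed and do not follow a value bound to `auth.baseUrl` afterwards. A deployment that sets only `auth.baseUrl` would, as far as these lines show, still redirect users to localhost after login and logout, although the library's yml comments give `${auth.baseUrl}` as the default. Leaving both fields unset and falling back in an explicit getter, e.g. `return defaultLoginUrl != null ? defaultLoginUrl : baseUrl;`, keeps the documented default. The class body continues outside the hunks, so how the getters are produced is not visible here.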
......
......@@ -5,27 +5,35 @@ import java.util.List;
import org.pac4j.springframework.security.web.CallbackFilter;
import org.pac4j.springframework.security.web.LogoutFilter;
import org.pac4j.springframework.security.web.Pac4jEntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import eu.dariah.de.dariahsp.config.SecurityConfig;
public class DefaultFiltersConfigurerAdapter extends BaseSecurityConfigurerAdapter {
@Autowired private SecurityConfig securityConfig;
@Override
protected void configure(final HttpSecurity http) throws Exception {
List<String> enabledClientNames = this.getEnabledClientNames();
final CallbackFilter callbackFilter = new CallbackFilter(config);
callbackFilter.setMultiProfile(true);
callbackFilter.setMultiProfile(false);
callbackFilter.setDefaultUrl(securityConfig.getDefaultLoginUrl());
final LogoutFilter logoutFilter = new LogoutFilter(config, "/?defaulturlafterlogout");
logoutFilter.setDestroySession(true);
logoutFilter.setSuffix("/logout");
logoutFilter.setDefaultUrl(securityConfig.getDefaultLogoutUrl());
final LogoutFilter centralLogoutFilter = new LogoutFilter(config, baseUrl.getAbsoluteUrl("/?defaulturlafterlogoutafteridp"));
centralLogoutFilter.setLocalLogout(false);
centralLogoutFilter.setLocalLogout(true);
centralLogoutFilter.setCentralLogout(true);
centralLogoutFilter.setLogoutUrlPattern(baseUrl.getAbsoluteUrl("/.*"));
centralLogoutFilter.setSuffix("/centralLogout");
centralLogoutFilter.setDefaultUrl(securityConfig.getDefaultLogoutUrl());
http.authorizeRequests().anyRequest().permitAll();
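Review bot: `setLogoutUrlPattern(baseUrl.getAbsoluteUrl("/.*"))` builds a regular expression from the configured base URL without quoting it, so the dots in a host name match any character and the allow-list for the post-logout `url` parameter is wider than the base URL itself. Now that base URL and context path are supplied per deployment, the literal part should be quoted, for example `centralLogoutFilter.setLogoutUrlPattern(Pattern.quote(baseUrl.getAbsoluteUrl("/")) + ".*");`, which needs `java.util.regex.Pattern` and assumes `getAbsoluteUrl("/")` returns the base URL with a trailing slash. The line may predate this commit, and `configure` continues past the end of the hunk. The added `setDefaultUrl` calls also appear to override the default URL passed to each `LogoutFilter` constructor, so a short comment saying which value wins would help.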
......
......@@ -21,7 +21,7 @@ public class SecurityConfigurerAdapter extends BaseSecurityConfigurerAdapter {
protected void configure(final HttpSecurity http) throws Exception {
List<String> enabledClientNames = this.getEnabledClientNames();
final SecurityFilter filter = new SecurityFilter(config, enabledClientNames.stream().collect(Collectors.joining(",")));
http
/*.requestMatchers()
.antMatchers("/saml/**", "/form/**")
......
# Config options of the dariahsp core library
# Commented properties reflect default values
auth:
#baseUrl: https://c105-229.cloud.gwdg.de/dme
#baseUrl: ${baseUrl}
#defaultLoginUrl: ${auth.baseUrl}
#defaultLogoutUrl: ${auth.baseUrl}
salt: Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9
rolehierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
roleDefinitions:
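Review bot: The `salt:` entry is committed in clear text in this library default and again, with the same value, in the sample application.yml further down the page. If it feeds the local password hashing (not visible here), every deployment that keeps the defaults shares one publicly known salt. I would ship a placeholder such as `salt: ${AUTH_SALT}` (variable name is illustrative), document that it must be set per installation, and treat the committed value as disclosed. The line is probably unchanged context rather than part of this commit.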
......
package eu.dariah.de.dariahsp.sample.config;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import eu.dariah.de.dariahsp.config.SecurityConfig;
import eu.dariah.de.dariahsp.config.web.AuthInfoConfigurer;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
@Data
@Slf4j
@Configuration
@ConfigurationProperties
@Import({SecurityConfig.class, AuthInfoConfigurer.class})
public class SampleConfig {
private String contextPath = "/";
@Bean
public WebServerFactoryCustomizer<ConfigurableServletWebServerFactory> webServerFactoryCustomizer() {
log.info("Web server context path set to {}", contextPath);
return factory -> factory.setContextPath(contextPath);
}
}
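Review bot: The default `contextPath = "/"` is passed straight to `factory.setContextPath`, and Spring Boot's servlet web server factories reject `/` there, because the root context has to be given as an empty string. An application that does not set `contextPath` would therefore fail at startup rather than run at the root, so the default should be `private String contextPath = "";`. The `${contextPath:/}` fallback in the sample yml `baseUrl` would then need a matching adjustment. The built-in `server.servlet.context-path` property already covers this setting and validates the value, which would make the customizer unnecessary.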
contextPath: /dme
baseUrl: http://localhost:8080${contextPath:/}
spring:
mvc:
view:
......@@ -9,7 +12,9 @@ logging:
web: DEBUG
auth:
#baseUrl: https://c105-229.cloud.gwdg.de/dme
baseUrl: ${baseUrl}
defaultLoginUrl: ${auth.baseUrl}
defaultLogoutUrl: ${auth.baseUrl}
salt: Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9
rolehierarchy: ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
roleDefinitions:
......
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="s" uri="http://www.springframework.org/tags" %>
<!DOCTYPE HTML>
<html>
<head>
......@@ -26,21 +27,21 @@
<b>Local logins enabled</b>: ${localEnabled}<br />
<b>SAML enabled</b>: ${samlEnabled}
<h2>Pages</h2>
<a href="/">Unprotected base url</a><br />
<a href="/protected/authenticated">Protected url: authentication required</a><br />
<a href="/method/contributor">Protected url: CONTRIBUTOR role or higher required (method annotation)</a><br />
<a href="/protected/contributor">Protected url: CONTRIBUTOR role or higher required (security config)</a><br />
<a href="/protected/admin">Protected url: ADMINISTRATOR role required</a><br />
<a href="/blocked/noaccess">Blocked url: no access allowed</a><br />
<a href="<s:url value="/" />">Unprotected base url</a><br />
<a href="<s:url value="/protected/authenticated" />">Protected url: authentication required</a><br />
<a href="<s:url value="/method/contributor" />">Protected url: CONTRIBUTOR role or higher required (method annotation)</a><br />
<a href="<s:url value="/protected/contributor" />">Protected url: CONTRIBUTOR role or higher required (security config)</a><br />
<a href="<s:url value="/protected/admin" />">Protected url: ADMINISTRATOR role required</a><br />
<a href="<s:url value="/blocked/noaccess" />">Blocked url: no access allowed</a><br />
<br />
<h2>Login/Logout</h2>
<a href="/logout?url=/?forcepostlogouturl">logout</a><br />
<a href="/logout?url=/?forcepostlogouturl">pac4j local logout</a><br />
<a href="/centralLogout?url=/?forcepostlogouturlafteridp">pac4j central local logout</a>
<a href="<s:url value="/logout?url=/?forcepostlogouturl" />">logout</a><br />
<a href="<s:url value="/logout?url=/?forcepostlogouturl" />">pac4j local logout</a><br />
<a href="<s:url value="/centralLogout?url=/?forcepostlogouturlafteridp" />">pac4j central local logout</a>
<br />
<a href="/forceLogin?client_name=saml">Force SAML login</a> (even if already authenticated)<br />
<a href="/forceLogin?client_name=local">Force local login</a> (even if already authenticated)<br />
<a href="<s:url value="/forceLogin?client_name=saml" />">Force SAML login</a> (even if already authenticated)<br />
<a href="<s:url value="/forceLogin?client_name=local" />">Force local login</a> (even if already authenticated)<br />
<br /><br />
</body>
</html>
\ No newline at end of file
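Review bot: In the three logout links `<s:url>` only prefixes the outer path, so the nested `url=/?forcepostlogouturl` value still points at the server root, outside the application when a context path such as `/dme` is set. For `/centralLogout` such a value also would not match the absolute `logoutUrlPattern` configured in the filter adapter, so the link would presumably fall back to the default logout URL. The target should be passed as a real parameter built from the context-relative root, e.g. `<s:url value="/" var="home" />` followed by `<s:url value="/logout"><s:param name="url" value="${home}?forcepostlogouturl" /></s:url>`. That also gets the inner `?` URL-encoded instead of leaving a second bare `?` in the query string.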