dariah
dariahsp
Commits
b146719c
Commit
b146719c
authored
Nov 04, 2020
by
Gradl, Tobias
8: Allow custom context path in web application
Task-Url:
#8
parent
034603f7
Pipeline
#17628
passed with stage
in 1 minute and 54 seconds
Changes
7
Pipelines
1
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/SecurityConfig.java
...
...
@@ -7,6 +7,9 @@ import java.nio.file.Paths;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.Optional
;
import
javax.servlet.ServletContext
;
import
org.pac4j.core.client.Client
;
import
org.pac4j.core.client.Clients
;
import
org.pac4j.core.config.Config
;
...
...
@@ -17,6 +20,8 @@ import org.pac4j.saml.config.SAML2Configuration;
import
org.pac4j.saml.credentials.SAML2Credentials
;
import
org.pac4j.springframework.annotation.AnnotationConfig
;
import
org.pac4j.springframework.component.ComponentConfig
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.boot.context.properties.ConfigurationProperties
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.ComponentScan
;
...
...
@@ -49,7 +54,9 @@ public class SecurityConfig {
private
String
roleHierarchy
;
private
final
List
<
RoleDefinition
>
roleDefinitions
;
private
String
baseUrl
=
"http://localhost:8080"
;
private
String
defaultLoginUrl
=
baseUrl
;
private
String
defaultLogoutUrl
=
baseUrl
;
@Bean
public
Optional
<
LocalUsernamePasswordAuthenticator
>
localUsernamePasswordAuthenticator
()
{
if
(!
local
.
isEnabled
())
{
...
...
@@ -104,7 +111,7 @@ public class SecurityConfig {
if
(
formClient
.
isPresent
())
{
formClient
.
get
().
setProfileCreator
(
localProfileCreator
());
clients
.
add
(
formClient
.
get
());
}
}
return
new
Config
(
new
Clients
(
baseUrl
().
getAbsoluteUrl
(
"/callback"
),
clients
));
}
...
...
@@ -155,10 +162,10 @@ public class SecurityConfig {
return
Optional
.
of
(
c
);
}
private
Optional
<
FormClient
>
getFormClient
()
{
private
Optional
<
FormClient
>
getFormClient
()
throws
URISyntaxException
{
Optional
<
LocalUsernamePasswordAuthenticator
>
localUsernamePasswordAuthenticator
=
localUsernamePasswordAuthenticator
();
if
(
localUsernamePasswordAuthenticator
.
isPresent
())
{
FormClient
c
=
new
FormClient
(
"/login"
,
localUsernamePasswordAuthenticator
.
get
());
FormClient
c
=
new
FormClient
(
baseUrl
().
getAbsoluteUrl
(
"/login"
)
,
localUsernamePasswordAuthenticator
.
get
());
c
.
setName
(
local
.
getAuthorizerName
());
return
Optional
.
of
(
c
);
}
...
...
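Review bot: The `defaultLoginUrl = baseUrl` and `defaultLogoutUrl = baseUrl` initialisers copy the literal `"http://localhost:8080"` at construction time, so a deployment that overrides only `auth.baseUrl` would presumably keep redirecting to localhost after login and logout (assuming properties are bound after construction, as the `ConfigurationProperties` import suggests). The sample configuration documents both defaults as `${auth.baseUrl}`, which these initialisers do not deliver. Leaving the two fields unset and resolving the fallback on read, e.g. `return defaultLoginUrl != null ? defaultLoginUrl : baseUrl;` in an explicit getter, would match the documented behaviour. The class body continues outside these hunks, so an existing getter or post-construct hook may already handle this.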
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/web/DefaultFiltersConfigurerAdapter.java
...
...
@@ -5,27 +5,35 @@ import java.util.List;
import
org.pac4j.springframework.security.web.CallbackFilter
;
import
org.pac4j.springframework.security.web.LogoutFilter
;
import
org.pac4j.springframework.security.web.Pac4jEntryPoint
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.web.authentication.www.BasicAuthenticationFilter
;
import
eu.dariah.de.dariahsp.config.SecurityConfig
;
public
class
DefaultFiltersConfigurerAdapter
extends
BaseSecurityConfigurerAdapter
{
@Autowired
private
SecurityConfig
securityConfig
;
@Override
protected
void
configure
(
final
HttpSecurity
http
)
throws
Exception
{
List
<
String
>
enabledClientNames
=
this
.
getEnabledClientNames
();
final
CallbackFilter
callbackFilter
=
new
CallbackFilter
(
config
);
callbackFilter
.
setMultiProfile
(
true
);
callbackFilter
.
setMultiProfile
(
false
);
callbackFilter
.
setDefaultUrl
(
securityConfig
.
getDefaultLoginUrl
());
final
LogoutFilter
logoutFilter
=
new
LogoutFilter
(
config
,
"/?defaulturlafterlogout"
);
logoutFilter
.
setDestroySession
(
true
);
logoutFilter
.
setSuffix
(
"/logout"
);
logoutFilter
.
setDefaultUrl
(
securityConfig
.
getDefaultLogoutUrl
());
final
LogoutFilter
centralLogoutFilter
=
new
LogoutFilter
(
config
,
baseUrl
.
getAbsoluteUrl
(
"/?defaulturlafterlogoutafteridp"
));
centralLogoutFilter
.
setLocalLogout
(
fals
e
);
centralLogoutFilter
.
setLocalLogout
(
tru
e
);
centralLogoutFilter
.
setCentralLogout
(
true
);
centralLogoutFilter
.
setLogoutUrlPattern
(
baseUrl
.
getAbsoluteUrl
(
"/.*"
));
centralLogoutFilter
.
setSuffix
(
"/centralLogout"
);
centralLogoutFilter
.
setDefaultUrl
(
securityConfig
.
getDefaultLogoutUrl
());
http
.
authorizeRequests
().
anyRequest
().
permitAll
();
...
...
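Review bot: `setLogoutUrlPattern(baseUrl.getAbsoluteUrl("/.*"))` builds a regular expression from the configured base URL without quoting it, so the dots in the host name match any character and the pattern accepts more post-logout redirect targets than the application's own URLs. In pac4j this pattern is what constrains the `url` parameter on logout, so the literal part should be quoted: `centralLogoutFilter.setLogoutUrlPattern(Pattern.quote(baseUrl.getAbsoluteUrl("/")) + ".*");` (needs `java.util.regex.Pattern`). `configure` continues past the end of the hunk and `baseUrl` is declared outside it, so the exact format it returns should be confirmed before applying this.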
dariahsp-core/src/main/java/eu/dariah/de/dariahsp/config/web/SecurityConfigurerAdapter.java
...
...
@@ -21,7 +21,7 @@ public class SecurityConfigurerAdapter extends BaseSecurityConfigurerAdapter {
protected
void
configure
(
final
HttpSecurity
http
)
throws
Exception
{
List
<
String
>
enabledClientNames
=
this
.
getEnabledClientNames
();
final
SecurityFilter
filter
=
new
SecurityFilter
(
config
,
enabledClientNames
.
stream
().
collect
(
Collectors
.
joining
(
","
)));
http
/*.requestMatchers()
.antMatchers("/saml/**", "/form/**")
...
...
dariahsp-core/src/main/resources/config.sample.yml
# Config options of the dariahsp core library
# Commented properties reflect default values
auth
:
#baseUrl: https://c105-229.cloud.gwdg.de/dme
#baseUrl: ${baseUrl}
#defaultLoginUrl: ${auth.baseUrl}
#defaultLogoutUrl: ${auth.baseUrl}
salt
:
Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9
rolehierarchy
:
ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
roleDefinitions
:
...
...
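Review bot: The sample ships a concrete `salt` value, and the same string appears in `dariahsp-sample-boot/src/main/resources/application.yml`, so installations that start from either file would share one salt unless the operator knows to change it. How the salt is consumed is not visible on this page, but a comment above the key such as `# sample value only; generate a unique random salt per deployment` would make the expectation explicit. If the value is meant to be secret, it is also worth noting in the same comment that it should come from the deployment's own configuration rather than the repository.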
dariahsp-sample-boot/src/main/java/eu/dariah/de/dariahsp/sample/config/SampleConfig.java
package
eu.dariah.de.dariahsp.sample.config
;
import
org.springframework.boot.context.properties.ConfigurationProperties
;
import
org.springframework.boot.web.server.WebServerFactoryCustomizer
;
import
org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.context.annotation.Import
;
import
eu.dariah.de.dariahsp.config.SecurityConfig
;
import
eu.dariah.de.dariahsp.config.web.AuthInfoConfigurer
;
import
lombok.Data
;
import
lombok.extern.slf4j.Slf4j
;
@Data
@Slf4j
@Configuration
@ConfigurationProperties
@Import
({
SecurityConfig
.
class
,
AuthInfoConfigurer
.
class
})
public
class
SampleConfig
{
private
String
contextPath
=
"/"
;
@Bean
public
WebServerFactoryCustomizer
<
ConfigurableServletWebServerFactory
>
webServerFactoryCustomizer
()
{
log
.
info
(
"Web server context path set to {}"
,
contextPath
);
return
factory
->
factory
.
setContextPath
(
contextPath
);
}
}
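Review bot: The default `contextPath = "/"` is, as far as I know, rejected by Spring Boot's `setContextPath`, which expects the root context as an empty string and any other path to start with `/` and not end with one, so the application would fail to start whenever `contextPath` is not configured. Use `private String contextPath = "";` and consider normalising a configured `/` to the empty string before handing it to the factory. The `${contextPath:/}` fallback in `application.yml` uses the same root value and would yield a base URL with a trailing slash. Spring Boot's own `server.servlet.context-path` property would cover this case without a custom customizer.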
dariahsp-sample-boot/src/main/resources/application.yml
contextPath
:
/dme
baseUrl
:
http://localhost:8080${contextPath:/}
spring
:
mvc
:
view
:
...
...
@@ -9,7 +12,9 @@ logging:
web
:
DEBUG
auth
:
#baseUrl: https://c105-229.cloud.gwdg.de/dme
baseUrl
:
${baseUrl}
defaultLoginUrl
:
${auth.baseUrl}
defaultLogoutUrl
:
${auth.baseUrl}
salt
:
Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9
rolehierarchy
:
ROLE_ADMINISTRATOR > ROLE_CONTRIBUTOR > ROLE_USER
roleDefinitions
:
...
...
dariahsp-sample-boot/src/main/webapp/WEB-INF/views/index.jsp
<%@ page
language=
"java"
contentType=
"text/html; charset=UTF-8"
pageEncoding=
"UTF-8"
%>
<%@ taglib
prefix=
"c"
uri=
"http://java.sun.com/jsp/jstl/core"
%>
<%@ taglib
prefix=
"fn"
uri=
"http://java.sun.com/jsp/jstl/functions"
%>
<%@ taglib
prefix=
"s"
uri=
"http://www.springframework.org/tags"
%>
<!DOCTYPE HTML>
<html>
<head>
...
...
@@ -26,21 +27,21 @@
<b>
Local logins enabled
</b>
: ${localEnabled}
<br
/>
<b>
SAML enabled
</b>
: ${samlEnabled}
<h2>
Pages
</h2>
<a
href=
"
/
"
>
Unprotected base url
</a><br
/>
<a
href=
"/protected/authenticated"
>
Protected url: authentication required
</a><br
/>
<a
href=
"/method/contributor"
>
Protected url: CONTRIBUTOR role or higher required (method annotation)
</a><br
/>
<a
href=
"/protected/contributor"
>
Protected url: CONTRIBUTOR role or higher required (security config)
</a><br
/>
<a
href=
"/protected/admin"
>
Protected url: ADMINISTRATOR role required
</a><br
/>
<a
href=
"/blocked/noaccess"
>
Blocked url: no access allowed
</a><br
/>
<a
href=
"
<s:url
value=
"/"
/>
"
>
Unprotected base url
</a><br
/>
<a
href=
"
<s:url
value=
"
/protected/authenticated"
/>
"
>
Protected url: authentication required
</a><br
/>
<a
href=
"
<s:url
value=
"
/method/contributor"
/>
"
>
Protected url: CONTRIBUTOR role or higher required (method annotation)
</a><br
/>
<a
href=
"
<s:url
value=
"
/protected/contributor"
/>
"
>
Protected url: CONTRIBUTOR role or higher required (security config)
</a><br
/>
<a
href=
"
<s:url
value=
"
/protected/admin"
/>
"
>
Protected url: ADMINISTRATOR role required
</a><br
/>
<a
href=
"
<s:url
value=
"
/blocked/noaccess"
/>
"
>
Blocked url: no access allowed
</a><br
/>
<br
/>
<h2>
Login/Logout
</h2>
<a
href=
"/logout?url=/?forcepostlogouturl"
>
logout
</a><br
/>
<a
href=
"/logout?url=/?forcepostlogouturl"
>
pac4j local logout
</a><br
/>
<a
href=
"/centralLogout?url=/?forcepostlogouturlafteridp"
>
pac4j central local logout
</a>
<a
href=
"
<s:url
value=
"
/logout?url=/?forcepostlogouturl"
/>
"
>
logout
</a><br
/>
<a
href=
"
<s:url
value=
"
/logout?url=/?forcepostlogouturl"
/>
"
>
pac4j local logout
</a><br
/>
<a
href=
"
<s:url
value=
"
/centralLogout?url=/?forcepostlogouturlafteridp"
/>
"
>
pac4j central local logout
</a>
<br
/>
<a
href=
"/forceLogin?client_name=saml"
>
Force SAML login
</a>
(even if already authenticated)
<br
/>
<a
href=
"/forceLogin?client_name=local"
>
Force local login
</a>
(even if already authenticated)
<br
/>
<a
href=
"
<s:url
value=
"
/forceLogin?client_name=saml"
/>
"
>
Force SAML login
</a>
(even if already authenticated)
<br
/>
<a
href=
"
<s:url
value=
"
/forceLogin?client_name=local"
/>
"
>
Force local login
</a>
(even if already authenticated)
<br
/>
<br
/><br
/>
</body>
</html>
\ No newline at end of file
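Review bot: In the logout links, `<s:url>` prefixes the context path to `/logout` and `/centralLogout`, but the nested `url=/?forcepostlogouturl` value is passed through as written, so the post-logout redirect would presumably still point at the server root rather than at the application under its context path. Passing the target as a parameter keeps it URL-encoded and lets it be resolved separately, e.g. `<s:url value="/logout"><s:param name="url" value="${postLogoutUrl}"/></s:url>`, where `postLogoutUrl` is a placeholder for a context-relative URL computed beforehand. Whatever target is used must still match the logout URL pattern configured on the filters.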