Commit d5d9d86f authored by Gradl, Tobias

Merge branch 'v2.1-dev' into 'v2.x-master'

18: Adapt according to needs of first actual implementation (CR)

See merge request !5
parents d7682208 68b8b536
Pipeline #17975 passed with stages
in 7 minutes and 17 seconds
...@@ -5,7 +5,7 @@ plugins { ...@@ -5,7 +5,7 @@ plugins {
allprojects { allprojects {
group = 'eu.dariah.de' group = 'eu.dariah.de'
version = '2.1.1-SNAPSHOT' version = '2.1.2-SNAPSHOT'
apply plugin: 'eclipse' apply plugin: 'eclipse'
......
...@@ -7,6 +7,7 @@ import java.nio.file.Paths; ...@@ -7,6 +7,7 @@ import java.nio.file.Paths;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
import java.util.stream.Collectors;
import org.pac4j.core.client.Client; import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients; import org.pac4j.core.client.Clients;
...@@ -34,27 +35,31 @@ import eu.dariah.de.dariahsp.helpers.SAMLMetadataHelper; ...@@ -34,27 +35,31 @@ import eu.dariah.de.dariahsp.helpers.SAMLMetadataHelper;
import eu.dariah.de.dariahsp.profiles.LocalProfileCreator; import eu.dariah.de.dariahsp.profiles.LocalProfileCreator;
import eu.dariah.de.dariahsp.profiles.SamlProfileCreator; import eu.dariah.de.dariahsp.profiles.SamlProfileCreator;
import eu.dariah.de.dariahsp.web.AuthInfoHelper; import eu.dariah.de.dariahsp.web.AuthInfoHelper;
import lombok.Data; import lombok.Getter;
import lombok.Setter;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
@Data
@Slf4j @Slf4j
@Configuration @Configuration
@ComponentScan @ComponentScan
@Import({ComponentConfig.class, AnnotationConfig.class}) @Import({ComponentConfig.class, AnnotationConfig.class})
public class SecurityConfig { public class SecurityConfig {
private final LocalSecurity local = new LocalSecurity(); @Getter private final LocalSecurity local = new LocalSecurity();
private final SAMLSecurity saml = new SAMLSecurity(); @Getter private final SAMLSecurity saml = new SAMLSecurity();
private String salt; @Getter @Setter private String salt;
private String permissionHierarchy = ""; @Getter @Setter private String permissionHierarchy = "";
private List<PermissionDefinition> permissionDefinitions; @Getter @Setter private List<PermissionDefinition> permissionDefinitions;
private String baseUrl = "http://localhost:8080"; @Getter @Setter private String baseUrl = "http://localhost:8080";
private String defaultLoginUrl = null;
private String defaultLogoutUrl = null; @Setter private String defaultLoginUrl = null;
@Setter private String defaultLogoutUrl = null;
@Getter private List<String> enabledClientNames = null;
public String getDefaultLoginUrl() { return defaultLoginUrl==null ? baseUrl : defaultLoginUrl; } public String getDefaultLoginUrl() { return defaultLoginUrl==null ? baseUrl : defaultLoginUrl; }
public String getDefaultLogoutUrl() { return defaultLogoutUrl==null ? baseUrl : defaultLogoutUrl; } public String getDefaultLogoutUrl() { return defaultLogoutUrl==null ? baseUrl : defaultLogoutUrl; }
@Bean @Bean
public Optional<LocalUsernamePasswordAuthenticator> localUsernamePasswordAuthenticator() { public Optional<LocalUsernamePasswordAuthenticator> localUsernamePasswordAuthenticator() {
...@@ -94,8 +99,8 @@ public class SecurityConfig { ...@@ -94,8 +99,8 @@ public class SecurityConfig {
@Bean @Bean
public RoleHierarchyVoter roleVoter() { public RoleHierarchyVoter roleVoter() {
return new RoleHierarchyVoter(roleHierarchy()); return new RoleHierarchyVoter(roleHierarchy());
} }
@Bean @Bean
@SuppressWarnings("rawtypes") @SuppressWarnings("rawtypes")
public Config config(Optional<ProfileActionHandler> profileActionHandler) throws URISyntaxException { public Config config(Optional<ProfileActionHandler> profileActionHandler) throws URISyntaxException {
...@@ -110,7 +115,13 @@ public class SecurityConfig { ...@@ -110,7 +115,13 @@ public class SecurityConfig {
clients.add(formClient); clients.add(formClient);
} }
Config.setProfileManagerFactory("customizableProfileManager", ctx -> new CustomizableProfileManager(ctx, profileActionHandler.orElse(null))); Config.setProfileManagerFactory("customizableProfileManager", ctx -> new CustomizableProfileManager(ctx, profileActionHandler.orElse(null)));
return new Config(new Clients(baseUrl().getAbsoluteUrl("/callback"), clients)); Config c = new Config(new Clients(baseUrl().getAbsoluteUrl("/callback"), clients));
enabledClientNames = c.getClients().findAllClients().stream()
.map(Client::getName)
.collect(Collectors.toList());
return c;
} }
......
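Review bot: `enabledClientNames` starts as `null` and is only filled as a side effect of the `config(...)` bean method, so a caller of `getEnabledClientNames()` that runs before that bean exists (or in an application that supplies its own `Config` bean) receives `null`; the `configure` methods of DefaultFiltersConfigurerAdapter and SecurityConfigurerAdapter now read this value, and the latter calls `.stream()` on it directly. The Lombok getter also hands out the mutable list that is later passed to `SecurityFilter` as its client list. I would store an unmodifiable snapshot, `enabledClientNames = Collections.unmodifiableList(...)`, and replace `@Getter` with an explicit getter that throws `IllegalStateException` while the field is still null, or at least add the comment `// populated by config(); null until the Config bean has been created`. The body of `config(...)` begins outside the visible hunk.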
package eu.dariah.de.dariahsp.config.web;
import java.util.List;
import java.util.stream.Collectors;
import org.pac4j.core.client.Client;
import org.pac4j.core.config.Config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import eu.dariah.de.dariahsp.config.BaseUrl;
public abstract class BaseSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Autowired protected Config config;
@Autowired protected BaseUrl baseUrl;
protected List<String> getEnabledClientNames() {
return config.getClients().findAllClients().stream()
.map(Client::getName)
.collect(Collectors.toList());
}
}
...@@ -2,22 +2,26 @@ package eu.dariah.de.dariahsp.config.web; ...@@ -2,22 +2,26 @@ package eu.dariah.de.dariahsp.config.web;
import java.util.List; import java.util.List;
import org.pac4j.core.config.Config;
import org.pac4j.springframework.security.web.CallbackFilter; import org.pac4j.springframework.security.web.CallbackFilter;
import org.pac4j.springframework.security.web.LogoutFilter; import org.pac4j.springframework.security.web.LogoutFilter;
import org.pac4j.springframework.security.web.Pac4jEntryPoint; import org.pac4j.springframework.security.web.Pac4jEntryPoint;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import eu.dariah.de.dariahsp.config.BaseUrl;
import eu.dariah.de.dariahsp.config.SecurityConfig; import eu.dariah.de.dariahsp.config.SecurityConfig;
public class DefaultFiltersConfigurerAdapter extends BaseSecurityConfigurerAdapter { public class DefaultFiltersConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Autowired private SecurityConfig securityConfig; @Autowired private SecurityConfig securityConfig;
@Autowired protected Config config;
@Autowired private BaseUrl baseUrl;
@Override @Override
protected void configure(final HttpSecurity http) throws Exception { protected void configure(final HttpSecurity http) throws Exception {
List<String> enabledClientNames = this.getEnabledClientNames(); List<String> enabledClientNames = securityConfig.getEnabledClientNames();
final CallbackFilter callbackFilter = new CallbackFilter(config); final CallbackFilter callbackFilter = new CallbackFilter(config);
callbackFilter.setMultiProfile(false); callbackFilter.setMultiProfile(false);
......
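Review bot: `@Autowired protected Config config;` keeps the `protected` visibility it had in the removed base class, while `securityConfig` and `baseUrl` next to it are `private`; the same declaration appears in SecurityConfigurerAdapter. Unless subclasses in consuming applications are meant to reach the pac4j `Config` directly, `@Autowired private Config config;` would keep the security configuration from being read or swapped through inheritance; if the access is intended, a one-line comment saying so would help. `configure` continues past the end of this section.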
...@@ -3,24 +3,29 @@ package eu.dariah.de.dariahsp.config.web; ...@@ -3,24 +3,29 @@ package eu.dariah.de.dariahsp.config.web;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.pac4j.core.config.Config;
import org.pac4j.springframework.security.web.Pac4jEntryPoint; import org.pac4j.springframework.security.web.Pac4jEntryPoint;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.expression.SecurityExpressionHandler; import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy; import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler; import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import eu.dariah.de.dariahsp.SecurityFilter; import eu.dariah.de.dariahsp.SecurityFilter;
import eu.dariah.de.dariahsp.config.SecurityConfig;
public class SecurityConfigurerAdapter extends BaseSecurityConfigurerAdapter { public class SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Autowired private RoleHierarchy roleHierarchy; @Autowired protected Config config;
@Autowired private RoleHierarchy roleHierarchy;
@Autowired private SecurityConfig securityConfig;
@Override @Override
protected void configure(final HttpSecurity http) throws Exception { protected void configure(final HttpSecurity http) throws Exception {
List<String> enabledClientNames = this.getEnabledClientNames(); List<String> enabledClientNames = securityConfig.getEnabledClientNames();
final SecurityFilter filter = new SecurityFilter(config, enabledClientNames.stream().collect(Collectors.joining(","))); final SecurityFilter filter = new SecurityFilter(config, enabledClientNames.stream().collect(Collectors.joining(",")));
http http
......
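Review bot: `configure` joins `securityConfig.getEnabledClientNames()` into the client string for `SecurityFilter` without checking that any client is enabled; in `SecurityConfig.config(...)` the visible `clients.add(formClient)` sits inside a conditional block, so the list can presumably be empty and the filter would then be built with `""`. How `SecurityFilter` treats a blank client list is not visible here, so failing at startup is safer than relying on it: `if (enabledClientNames.isEmpty()) { throw new IllegalStateException("no authentication client enabled"); }`. `configure` continues outside the hunk.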