Commit d7682208 authored by Gradl, Tobias's avatar Gradl, Tobias

Merge branch 'v2.1-dev' into 'v2.x-master'

V2.1 dev

See merge request !4
parents 61c0ae24 78d27ecc
Pipeline #17959 passed with stages
in 7 minutes and 21 seconds
image: java:8-jdk
image: java:11-jdk
variables:
GRADLE_OPTS: "-Dorg.gradle.daemon=false"
......
......@@ -5,7 +5,9 @@ plugins {
allprojects {
group = 'eu.dariah.de'
version = '2.1.0-SNAPSHOT'
version = '2.1.1-SNAPSHOT'
apply plugin: 'eclipse'
repositories {
maven {
......@@ -40,7 +42,6 @@ allprojects {
subprojects {
apply plugin: 'java'
apply plugin: 'maven-publish'
apply plugin: 'eclipse'
apply plugin: 'io.spring.dependency-management'
dependencyManagement {
......
......@@ -24,7 +24,6 @@ import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.access.vote.RoleHierarchyVoter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import eu.dariah.de.dariahsp.CustomizableProfileManager;
import eu.dariah.de.dariahsp.ProfileActionHandler;
import eu.dariah.de.dariahsp.authentication.LocalUsernamePasswordAuthenticator;
......@@ -96,7 +95,7 @@ public class SecurityConfig {
public RoleHierarchyVoter roleVoter() {
return new RoleHierarchyVoter(roleHierarchy());
}
@Bean
@SuppressWarnings("rawtypes")
public Config config(Optional<ProfileActionHandler> profileActionHandler) throws URISyntaxException {
......
package eu.dariah.de.dariahsp.config.web;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.annotation.Jsr250Voter;
import org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice;
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleHierarchyVoter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
......@@ -15,9 +20,15 @@ public class GlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguratio
@Autowired private RoleHierarchyVoter roleVoter;
@Override
public AffirmativeBased accessDecisionManager() {
List<AccessDecisionVoter<?>> decisionVoters = new ArrayList<>();
decisionVoters.add(roleVoter);
public AccessDecisionManager accessDecisionManager() {
ExpressionBasedPreInvocationAdvice expressionAdvice = new ExpressionBasedPreInvocationAdvice();
expressionAdvice.setExpressionHandler(getExpressionHandler());
List<AccessDecisionVoter<?>> decisionVoters = Arrays.asList(
new PreInvocationAuthorizationAdviceVoter(expressionAdvice),
new Jsr250Voter(),
roleVoter,
new AuthenticatedVoter());
return new AffirmativeBased(decisionVoters);
}
}
\ No newline at end of file
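Review bot: The overridden `accessDecisionManager()` has no comment saying why the default manager is replaced or what each of the four voters covers, and nothing in this section shows the handler returned by `getExpressionHandler()` being given the role hierarchy that `roleVoter` applies. If it is not, `@PreAuthorize("hasRole(...)")` would match exact roles only while `@Secured` honours "or higher", so the two annotation styles could disagree; this is inferred, since the handler may be configured elsewhere in the class or wired by Spring. I would add a Javadoc along the lines of `/** Affirmative manager: one granting voter is enough; roleVoter applies the role hierarchy to @Secured attributes. */` and a test that a higher role passes a `@PreAuthorize` role check.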
......@@ -28,6 +28,7 @@ public class SecurityConfigurerAdapter extends BaseSecurityConfigurerAdapter {
.antMatchers("/saml/**", "/form/**")
.and()
.authorizeRequests()
.expressionHandler(this.hierarchicalExpressionHandler())
.antMatchers("/saml/admin.html").hasRole("ADMINISTRATOR")
.antMatchers("/saml/**").authenticated()*/
//.and()
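Review bot: The `.expressionHandler(this.hierarchicalExpressionHandler())` call appears to sit inside a block comment, because the chain ends with `*/` on the `.antMatchers("/saml/**").authenticated()*/` line and is followed by `//.and()`. If the opening `/*` is above the hunk (it is not visible here), the handler is never applied and the URL rules would not use the role hierarchy. Either move the call onto the live `authorizeRequests()` chain or remove the commented-out block so the file shows which rules are in force.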
......
......@@ -16,7 +16,7 @@ import eu.dariah.de.dariahsp.config.web.DefaultFiltersConfigurerAdapter;
*/
@EnableWebSecurity
public class SampleWebSecurityConfig extends WebSecurityConfigurerAdapter {
/**
* Adapt this as required in a target application
*
......@@ -24,7 +24,7 @@ public class SampleWebSecurityConfig extends WebSecurityConfigurerAdapter {
*/
@Configuration
@Order(1)
public static class WebSecurityConfigAdapter extends SecurityConfigurerAdapter {
public class WebSecurityConfigAdapter extends SecurityConfigurerAdapter {
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
......@@ -49,5 +49,5 @@ public class SampleWebSecurityConfig extends WebSecurityConfigurerAdapter {
*/
@Configuration
@Order(2)
public static class CallbackLoginLogoutConfigurationAdapter extends DefaultFiltersConfigurerAdapter {}
public class CallbackLoginLogoutConfigurationAdapter extends DefaultFiltersConfigurerAdapter {}
}
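Review bot: The two nested `@Configuration` adapters appear both as `public static class` and as `public class`; if the non-static form is the new side, they become inner classes that need an enclosing `SampleWebSecurityConfig` instance, and Spring's `@Configuration` documentation asks for nested configuration classes to be declared static. Should the container not register them as before, the `@Order(1)` and `@Order(2)` filter chains could be absent from the sample, so a startup test asserting that both chains are present would be worth adding. Unless there is a reason for the change, keep `public static class WebSecurityConfigAdapter extends SecurityConfigurerAdapter {` and the same modifier on `CallbackLoginLogoutConfigurationAdapter`.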
......@@ -10,6 +10,7 @@ import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
import org.pac4j.http.client.indirect.FormClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
......@@ -53,6 +54,15 @@ public class SampleController {
return INDEX_PAGE;
}
@PreAuthorize("isAuthenticated()")
@RequestMapping("/method/authenticated")
public String protectedMethodAuthenticated(Map<String, Object> map) {
this.assembleMap(map,
"/method/authenticated",
"Authentication (no particular role) required (method) config)");
return INDEX_PAGE;
}
@RequestMapping("/protected/authenticated")
public String protectedAuthenticated(Map<String, Object> map) {
this.assembleMap(map,
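Review bot: The description string in `protectedMethodAuthenticated` has an unbalanced parenthesis, `"... required (method) config)"`; the JSP link for the same URL reads "(method annotation)", so `"Authentication (no particular role) required (method annotation)"` would match it. The handler also uses `@RequestMapping` without a method, so it answers every HTTP verb; `GetMapping` is already imported in this file and `@GetMapping("/method/authenticated")` would restrict it to GET.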
......
contextPath: /contextpath
#baseUrl: http://localhost:8080${contextPath:/}
baseUrl: https://externally.visible.example.com${contextPath:/}
#contextPath: /contextpath
#baseUrl: https://externally.visible.example.com${contextPath:/}
baseUrl: http://localhost:8080
spring:
mvc:
......@@ -49,7 +49,7 @@ auth:
passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
roles: ["application_user"]
saml:
enabled: true
enabled: false
authorizerName: saml
keystore:
#path: /path/to/keystore.jks
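Review bot: The sample configuration shows `baseUrl: http://localhost:8080` and `enabled: false` under `saml` next to the earlier `https://externally.visible.example.com` and `enabled: true` values; if the localhost and disabled pair is the new side, local-testing settings are being merged into `v2.x-master`. A one-line comment above each, for example `# local development only - use the externally visible https URL in deployments`, would keep the sample from being copied into a deployment with a plain-HTTP base URL and SAML switched off.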
......
......@@ -29,6 +29,7 @@
<h2>Pages</h2>
<a href="<s:url value="/" />">Unprotected base url</a><br />
<a href="<s:url value="/protected/authenticated" />">Protected url: authentication required</a><br />
<a href="<s:url value="/method/authenticated" />">Protected url: authentication required (method annotation)</a><br />
<a href="<s:url value="/method/contributor" />">Protected url: CONTRIBUTOR role or higher required (method annotation)</a><br />
<a href="<s:url value="/protected/contributor" />">Protected url: CONTRIBUTOR role or higher required (security config)</a><br />
<a href="<s:url value="/protected/admin" />">Protected url: ADMINISTRATOR role required</a><br />
......