Commit d7682208 authored by Gradl, Tobias's avatar Gradl, Tobias

Merge branch 'v2.1-dev' into 'v2.x-master'

V2.1 dev

See merge request !4
parents 61c0ae24 78d27ecc
Pipeline #17959 passed with stages
in 7 minutes and 21 seconds
image: java:8-jdk image: java:11-jdk
variables: variables:
GRADLE_OPTS: "-Dorg.gradle.daemon=false" GRADLE_OPTS: "-Dorg.gradle.daemon=false"
......
...@@ -5,7 +5,9 @@ plugins { ...@@ -5,7 +5,9 @@ plugins {
allprojects { allprojects {
group = 'eu.dariah.de' group = 'eu.dariah.de'
version = '2.1.0-SNAPSHOT' version = '2.1.1-SNAPSHOT'
apply plugin: 'eclipse'
repositories { repositories {
maven { maven {
...@@ -40,7 +42,6 @@ allprojects { ...@@ -40,7 +42,6 @@ allprojects {
subprojects { subprojects {
apply plugin: 'java' apply plugin: 'java'
apply plugin: 'maven-publish' apply plugin: 'maven-publish'
apply plugin: 'eclipse'
apply plugin: 'io.spring.dependency-management' apply plugin: 'io.spring.dependency-management'
dependencyManagement { dependencyManagement {
......
...@@ -24,7 +24,6 @@ import org.springframework.security.access.hierarchicalroles.RoleHierarchy; ...@@ -24,7 +24,6 @@ import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl; import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.access.vote.RoleHierarchyVoter; import org.springframework.security.access.vote.RoleHierarchyVoter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import eu.dariah.de.dariahsp.CustomizableProfileManager; import eu.dariah.de.dariahsp.CustomizableProfileManager;
import eu.dariah.de.dariahsp.ProfileActionHandler; import eu.dariah.de.dariahsp.ProfileActionHandler;
import eu.dariah.de.dariahsp.authentication.LocalUsernamePasswordAuthenticator; import eu.dariah.de.dariahsp.authentication.LocalUsernamePasswordAuthenticator;
...@@ -96,7 +95,7 @@ public class SecurityConfig { ...@@ -96,7 +95,7 @@ public class SecurityConfig {
public RoleHierarchyVoter roleVoter() { public RoleHierarchyVoter roleVoter() {
return new RoleHierarchyVoter(roleHierarchy()); return new RoleHierarchyVoter(roleHierarchy());
} }
@Bean @Bean
@SuppressWarnings("rawtypes") @SuppressWarnings("rawtypes")
public Config config(Optional<ProfileActionHandler> profileActionHandler) throws URISyntaxException { public Config config(Optional<ProfileActionHandler> profileActionHandler) throws URISyntaxException {
......
package eu.dariah.de.dariahsp.config.web; package eu.dariah.de.dariahsp.config.web;
import java.util.ArrayList; import java.util.Arrays;
import java.util.List; import java.util.List;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.annotation.Jsr250Voter;
import org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice;
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
import org.springframework.security.access.vote.AffirmativeBased; import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleHierarchyVoter; import org.springframework.security.access.vote.RoleHierarchyVoter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration; import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
...@@ -15,9 +20,15 @@ public class GlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguratio ...@@ -15,9 +20,15 @@ public class GlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguratio
@Autowired private RoleHierarchyVoter roleVoter; @Autowired private RoleHierarchyVoter roleVoter;
@Override @Override
public AffirmativeBased accessDecisionManager() { public AccessDecisionManager accessDecisionManager() {
List<AccessDecisionVoter<?>> decisionVoters = new ArrayList<>(); ExpressionBasedPreInvocationAdvice expressionAdvice = new ExpressionBasedPreInvocationAdvice();
decisionVoters.add(roleVoter); expressionAdvice.setExpressionHandler(getExpressionHandler());
List<AccessDecisionVoter<?>> decisionVoters = Arrays.asList(
new PreInvocationAuthorizationAdviceVoter(expressionAdvice),
new Jsr250Voter(),
roleVoter,
new AuthenticatedVoter());
return new AffirmativeBased(decisionVoters); return new AffirmativeBased(decisionVoters);
} }
} }
\ No newline at end of file
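Review bot: The expression voter added in `accessDecisionManager()` evaluates `@PreAuthorize` through `getExpressionHandler()`, while `@Secured` still goes through the injected `roleVoter`; nothing visible in this section passes the role hierarchy to that expression handler. If it is not wired elsewhere, `hasRole(...)` inside an expression would not honour inherited roles the way `@Secured` does, so the same role name could be decided differently depending on the annotation used. Consider overriding `createExpressionHandler()` to return a `DefaultMethodSecurityExpressionHandler` with `setRoleHierarchy(...)` applied. A comment above the voter list would also help, e.g. `// AffirmativeBased: a single granting voter is enough to allow the call`.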
...@@ -28,6 +28,7 @@ public class SecurityConfigurerAdapter extends BaseSecurityConfigurerAdapter { ...@@ -28,6 +28,7 @@ public class SecurityConfigurerAdapter extends BaseSecurityConfigurerAdapter {
.antMatchers("/saml/**", "/form/**") .antMatchers("/saml/**", "/form/**")
.and() .and()
.authorizeRequests() .authorizeRequests()
.expressionHandler(this.hierarchicalExpressionHandler())
.antMatchers("/saml/admin.html").hasRole("ADMINISTRATOR") .antMatchers("/saml/admin.html").hasRole("ADMINISTRATOR")
.antMatchers("/saml/**").authenticated()*/ .antMatchers("/saml/**").authenticated()*/
//.and() //.and()
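Review bot: The added `.expressionHandler(this.hierarchicalExpressionHandler())` call sits in a chain that ends with `*/` two lines later, so it appears to be inside a block comment whose opening lies above the hunk and would have no effect at runtime. If the hierarchical handler is meant to apply to the URL rules, the call belongs on the live `authorizeRequests()` chain. Otherwise the commented-out chain is better removed than extended, since a reader may take the `/saml/**` rules in it as enforced.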
......
...@@ -16,7 +16,7 @@ import eu.dariah.de.dariahsp.config.web.DefaultFiltersConfigurerAdapter; ...@@ -16,7 +16,7 @@ import eu.dariah.de.dariahsp.config.web.DefaultFiltersConfigurerAdapter;
*/ */
@EnableWebSecurity @EnableWebSecurity
public class SampleWebSecurityConfig extends WebSecurityConfigurerAdapter { public class SampleWebSecurityConfig extends WebSecurityConfigurerAdapter {
/** /**
* Adapt this as required in a target application * Adapt this as required in a target application
* *
...@@ -24,7 +24,7 @@ public class SampleWebSecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -24,7 +24,7 @@ public class SampleWebSecurityConfig extends WebSecurityConfigurerAdapter {
*/ */
@Configuration @Configuration
@Order(1) @Order(1)
public static class WebSecurityConfigAdapter extends SecurityConfigurerAdapter { public class WebSecurityConfigAdapter extends SecurityConfigurerAdapter {
@Override @Override
protected void configure(final HttpSecurity http) throws Exception { protected void configure(final HttpSecurity http) throws Exception {
http http
...@@ -49,5 +49,5 @@ public class SampleWebSecurityConfig extends WebSecurityConfigurerAdapter { ...@@ -49,5 +49,5 @@ public class SampleWebSecurityConfig extends WebSecurityConfigurerAdapter {
*/ */
@Configuration @Configuration
@Order(2) @Order(2)
public static class CallbackLoginLogoutConfigurationAdapter extends DefaultFiltersConfigurerAdapter {} public class CallbackLoginLogoutConfigurationAdapter extends DefaultFiltersConfigurerAdapter {}
} }
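Review bot: As rendered, the new side drops `static` from the two nested `@Configuration` classes (`WebSecurityConfigAdapter`, `CallbackLoginLogoutConfigurationAdapter`), which turns them into inner classes that need an enclosing `SampleWebSecurityConfig` instance; Spring's `@Configuration` contract asks for nested configuration classes to be declared `static`. Because this sample is the template that target applications adapt, a nested adapter that is not registered as expected would leave its `configure(HttpSecurity)` rules out of the filter chain. Unless there is a reason not visible in these hunks, keep `public static class WebSecurityConfigAdapter extends SecurityConfigurerAdapter {` and `public static class CallbackLoginLogoutConfigurationAdapter extends DefaultFiltersConfigurerAdapter {}`.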
...@@ -10,6 +10,7 @@ import org.pac4j.core.http.adapter.JEEHttpActionAdapter; ...@@ -10,6 +10,7 @@ import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
import org.pac4j.http.client.indirect.FormClient; import org.pac4j.http.client.indirect.FormClient;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured; import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
...@@ -53,6 +54,15 @@ public class SampleController { ...@@ -53,6 +54,15 @@ public class SampleController {
return INDEX_PAGE; return INDEX_PAGE;
} }
@PreAuthorize("isAuthenticated()")
@RequestMapping("/method/authenticated")
public String protectedMethodAuthenticated(Map<String, Object> map) {
this.assembleMap(map,
"/method/authenticated",
"Authentication (no particular role) required (method) config)");
return INDEX_PAGE;
}
@RequestMapping("/protected/authenticated") @RequestMapping("/protected/authenticated")
public String protectedAuthenticated(Map<String, Object> map) { public String protectedAuthenticated(Map<String, Object> map) {
this.assembleMap(map, this.assembleMap(map,
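Review bot: `protectedMethodAuthenticated` is guarded only by `@PreAuthorize("isAuthenticated()")`, which takes effect only when pre/post annotations are enabled on `@EnableGlobalMethodSecurity`; that annotation's attributes are not visible on this page, so confirm `prePostEnabled = true` is set, otherwise the mapping is served without any check. A test that requests `/method/authenticated` without a session and expects a redirect or denial would pin this. The description string also has a misplaced parenthesis; `"Authentication (no particular role) required (method config)"` reads as intended.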
......
contextPath: /contextpath #contextPath: /contextpath
#baseUrl: http://localhost:8080${contextPath:/} #baseUrl: https://externally.visible.example.com${contextPath:/}
baseUrl: https://externally.visible.example.com${contextPath:/} baseUrl: http://localhost:8080
spring: spring:
mvc: mvc:
...@@ -49,7 +49,7 @@ auth: ...@@ -49,7 +49,7 @@ auth:
passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka' passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
roles: ["application_user"] roles: ["application_user"]
saml: saml:
enabled: true enabled: false
authorizerName: saml authorizerName: saml
keystore: keystore:
#path: /path/to/keystore.jks #path: /path/to/keystore.jks
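Review bot: The sample now ships `baseUrl: http://localhost:8080` as the active value, keeps the `https://externally.visible.example.com` form only as a comment, and switches `saml.enabled` to `false`. That suits local development, but nothing in the file says so, and a deployment copied from this sample would start with a plain-http base URL and SAML off. A comment above the key would make the intent explicit, e.g. `# development default; set to the externally visible https URL before deploying`.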
......
...@@ -29,6 +29,7 @@ ...@@ -29,6 +29,7 @@
<h2>Pages</h2> <h2>Pages</h2>
<a href="<s:url value="/" />">Unprotected base url</a><br /> <a href="<s:url value="/" />">Unprotected base url</a><br />
<a href="<s:url value="/protected/authenticated" />">Protected url: authentication required</a><br /> <a href="<s:url value="/protected/authenticated" />">Protected url: authentication required</a><br />
<a href="<s:url value="/method/authenticated" />">Protected url: authentication required (method annotation)</a><br />
<a href="<s:url value="/method/contributor" />">Protected url: CONTRIBUTOR role or higher required (method annotation)</a><br /> <a href="<s:url value="/method/contributor" />">Protected url: CONTRIBUTOR role or higher required (method annotation)</a><br />
<a href="<s:url value="/protected/contributor" />">Protected url: CONTRIBUTOR role or higher required (security config)</a><br /> <a href="<s:url value="/protected/contributor" />">Protected url: CONTRIBUTOR role or higher required (security config)</a><br />
<a href="<s:url value="/protected/admin" />">Protected url: ADMINISTRATOR role required</a><br /> <a href="<s:url value="/protected/admin" />">Protected url: ADMINISTRATOR role required</a><br />
......