2: Migrate core behavior to new base

Task-Url: #2

2: Migrate core behavior to new base
Task-Url: #2
ee525ac1 · Gradl, Tobias · 5bd2d4f4 · ee525ac1 · ee525ac1 · ee525ac1
Commit ee525ac1 authored Oct 30, 2020 by Gradl, Tobias
--- a/build.gradle
+++ b/build.gradle
@@ -6,7 +6,7 @@ allprojects {
    version = '2.0.0-DEV'

    repositories {
-        mavenLocal()
+        //mavenLocal()
        maven {
            url = 'https://minfba.de.dariah.eu/nexus/repository/minfba-central/'
        }

--- a/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/CustomAuthorizer.java
+++ b/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/CustomAuthorizer.java
@@ -20,6 +20,6 @@ public class CustomAuthorizer extends ProfileAuthorizer<CommonProfile> {
            return false;
        }
        //return StringUtils.startsWith(profile.getUsername(), "jle");
-        return false;
+        return true;
    }
 }
--- a/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/config/WebSecurityConfig.java
+++ b/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/config/WebSecurityConfig.java
@@ -37,19 +37,18 @@ public class WebSecurityConfig {
        	
            final SecurityFilter filter = new SecurityFilter(config, enabledClientNames.stream().collect(Collectors.joining(",")));

-            // TODO: What happens if there is no client? Everything open or 403??   
            http
            	.requestMatchers()
            		.antMatchers("/saml/**", "/form/**")
            	.and()
            	.authorizeRequests()
-                    .antMatchers("/saml/admin.html").hasRole("ADMIN")
+                    .antMatchers("/saml/admin.html").hasRole("ADMINISTRATOR")
                    .antMatchers("/saml/**").authenticated()
            	.and()
            	.addFilterBefore(filter, BasicAuthenticationFilter.class)
            	.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
        		
-            if (enabledClientNames.get(0).equals("FormClient")) {
+            if (!enabledClientNames.isEmpty() && enabledClientNames.get(0).equals("FormClient")) {
            	http.exceptionHandling().authenticationEntryPoint(new Pac4jEntryPoint(config, "FormClient"));
            }
            

--- a/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/controller/ErrorController.java
+++ b/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/controller/ErrorController.java
 package eu.dariah.de.dariahsp.sample.controller;

+import java.util.Map;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

@@ -8,6 +10,7 @@ import org.springframework.boot.autoconfigure.web.ErrorProperties;
 import org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController;
 import org.springframework.boot.web.servlet.error.ErrorAttributes;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.servlet.ModelAndView;
@@ -15,27 +18,31 @@ import org.springframework.web.servlet.ModelAndView;
 @Controller
 @RequestMapping({"${server.error.path:${error.path:/error}}"})
 public class ErrorController extends BasicErrorController {
-	 @Autowired
-	    public ErrorController(ErrorAttributes errorAttributes) {
-	        super(errorAttributes, new ErrorProperties());
-	    }
+	
+	@Autowired
+	public ErrorController(ErrorAttributes errorAttributes) {
+		super(errorAttributes, new ErrorProperties());
+	}

-	    @RequestMapping(
-	            produces = {"text/html"}
-	    )
-	    @Override
-	    public ModelAndView errorHtml(HttpServletRequest request, HttpServletResponse response) {
-	        final HttpStatus status = getStatus(request);
-	        if (status == HttpStatus.UNAUTHORIZED) {
-	            return new ModelAndView("error401");
-	        } else if (status == HttpStatus.FORBIDDEN) {
-	            return new ModelAndView("error403");
-	        } else if (status == HttpStatus.NOT_FOUND) {
-	            return new ModelAndView("error404");
-	        } else if (status == HttpStatus.NO_CONTENT) {
-	            return new ModelAndView("ok204");
-	        } else {
-	            return new ModelAndView("error500");
-	        }
-	    }
+    @Override
+    @RequestMapping(produces = {"text/html"})
+    public ModelAndView errorHtml(HttpServletRequest request, HttpServletResponse response) {
+    	Map<String, Object> attr = getErrorAttributes(request, getErrorAttributeOptions(request, MediaType.ALL));
+        final HttpStatus status = getStatus(request);
+        if (status == HttpStatus.UNAUTHORIZED) {
+            return new ModelAndView("error401");
+        } else if (status == HttpStatus.FORBIDDEN) {
+            return new ModelAndView("error403");
+        } else if (status == HttpStatus.NOT_FOUND) {
+            return new ModelAndView("error404", attr);
+        } else {
+            return new ModelAndView("error500");
+        }
+    }
+    
+    /* Do not do this in production as users should not see reasons openly */ 
+    @Override
+    protected boolean isIncludeMessage(HttpServletRequest request, MediaType produces) {
+		return true;
+	}
 }
\ No newline at end of file
--- a/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/controller/SampleController.java
+++ b/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/controller/SampleController.java
 package eu.dariah.de.dariahsp.sample.controller;

 import java.util.Map;
-
-import javax.websocket.server.PathParam;
-
 import org.pac4j.core.client.Client;
 import org.pac4j.core.config.Config;
 import org.pac4j.core.context.JEEContext;
@@ -12,12 +9,11 @@ import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
 import org.pac4j.core.profile.ProfileManager;
 import org.pac4j.core.util.Pac4jConstants;
 import org.pac4j.http.client.indirect.FormClient;
-import org.pac4j.saml.client.SAML2Client;
+import org.pac4j.springframework.annotation.ui.RequireAllRoles;
+import org.pac4j.springframework.annotation.ui.RequireAnyRole;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
-import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -29,6 +25,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import eu.dariah.de.dariahsp.sample.Constants;
 import eu.dariah.de.dariahsp.sample.error.SAML2MetadataNotFoundException;
 import eu.dariah.de.dariahsp.sample.metadata.MetadataHelper;
+import eu.dariah.de.dariahsp.sample.error.AuthenticatorNotAvailable;
 import eu.dariah.de.dariahsp.sample.error.NotFoundException;

 @Controller
@@ -52,6 +49,7 @@ public class SampleController {
 		return "home";
 	}
 	
+	@RequireAllRoles("ROLE_CONTRIBUTOR")
 	@RequestMapping("/form/index.html")
    public String form(Map<String, Object> map) {
        return protectedIndex(map);
@@ -67,11 +65,14 @@ public class SampleController {
 	@RequestMapping("/forceLogin")
    @ResponseBody
    public String forceLogin() {
-
-        final Client client = config.getClients().findClient(jeeContext.getRequestParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER).get()).get();
+		final String clientName = jeeContext.getRequestParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER).orElse("unknown");
+        final Client<?> client = config.getClients().findClient(clientName).orElse(null);
+        if (client==null) {
+        	throw new AuthenticatorNotAvailable(clientName);
+        }
        HttpAction action;
        try {
-            action = (HttpAction) client.getRedirectionAction(jeeContext).get();
+        	action = client.getRedirectionAction(jeeContext).orElseThrow(() -> new AuthenticatorNotAvailable(clientName));
        } catch (final HttpAction e) {
            action = e;
        }
@@ -79,6 +80,7 @@ public class SampleController {
        return null;
    }
 	
+
 	@GetMapping(value = {"/metadata", "/metadata/{action}"}, produces = MediaType.APPLICATION_XML_VALUE)
 	public @ResponseBody String getMetadata(@PathVariable(required=false) String action) {
 		if (action!=null && !action.isEmpty() && !action.equals("generate") && !action.equals("filesystem")) {

--- a/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/error/AuthenticatorNotAvailable.java
+++ b/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/error/AuthenticatorNotAvailable.java
+package eu.dariah.de.dariahsp.sample.error;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+@Data
+@EqualsAndHashCode(callSuper=false)
+@ResponseStatus(value=HttpStatus.NOT_FOUND, reason="Requested authenticator not available")
+public class AuthenticatorNotAvailable extends RuntimeException {
+	private static final long serialVersionUID = 6000140564678387460L;
+	
+	private final String authenticator;
+	
+	public AuthenticatorNotAvailable(String authenticator) {
+        this.authenticator = authenticator;
+    }
+}
--- a/dariahsp-sample/src/main/resources/application.yml
+++ b/dariahsp-sample/src/main/resources/application.yml
@@ -11,16 +11,20 @@ logging:
 auth:
  salt: Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9
  local:
-    enabled: false
+    enabled: true
+    # Same password for each user: 1234
    users:
      - username: 'admin'
-        passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
+        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles: ["ROLE_ADMINISTRATOR"]
-      - username: 'tgradl'
-        passhash: '$2a$10$EeajSQQUepa7H7.g4xQCaeO.hjUwh0yzYCMrfOkWCZGe1IiWaexa6'
+      - username: 'contributor'
+        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
+        roles: ["ROLE_CONTRIBUTOR"]
+      - username: 'user'
+        passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
        roles: ["ROLE_CONTRIBUTOR"]
  saml:
-    enabled: true
+    enabled: false
    keystore:
      path: /data/_srv/dariahsp/c105-229.cloud.gwdg.de.jks
      pass: clariah
@@ -32,7 +36,7 @@ auth:
      #metadataResource: /data/_srv/dariahsp/sp_metadata.xml
      maxAuthAge: -1
      #baseUrl: https://c105-229.cloud.gwdg.de/dme
-      entityId: ${auth.saml.sp.baseUrl}
+      #entityId: ${auth.saml.sp.baseUrl}
      signMetadata: true
      #signingMethods: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
      #digestMethods: http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512

--- a/dariahsp-sample/src/main/resources/logback.xml
+++ b/dariahsp-sample/src/main/resources/logback.xml
@@ -4,7 +4,7 @@
 	    <appender name="Console"
 	        class="ch.qos.logback.core.ConsoleAppender">
 	        <layout class="ch.qos.logback.classic.PatternLayout">
-	            <pattern>%d{yyyy-MM-dd} %d{HH:mm:ss.SSS} %thread | %5p %logger{36} - %m%n</pattern>
+	            <pattern>%d{yyyy-MM-dd} %d{HH:mm:ss.SSS} %thread | %5p %logger{36}.%M\(%line\) - %m%n</pattern>
 	        </layout>
 	    </appender>
 	 

--- a/dariahsp-sample/src/main/webapp/WEB-INF/views/error404.jsp
+++ b/dariahsp-sample/src/main/webapp/WEB-INF/views/error404.jsp
 <html>
 <body>
 <h1>not found</h1>
+<h2>${message}</h2>
 <br />
 <a href="/">Home</a>
 </body>

--- a/dariahsp-sample/src/main/webapp/WEB-INF/views/ok204.jsp
+++ b/dariahsp-sample/src/main/webapp/WEB-INF/views/ok204.jsp
-<html>
-<body>
-<h1>no content available</h1>
-<br />
-<a href="/">Home</a>
-</body>
-</html>
\ No newline at end of file