Commit ee525ac1 authored by Gradl, Tobias's avatar Gradl, Tobias

2: Migrate core behavior to new base

Task-Url: #2
parent 5bd2d4f4
......@@ -6,7 +6,7 @@ allprojects {
version = '2.0.0-DEV'
repositories {
mavenLocal()
//mavenLocal()
maven {
url = 'https://minfba.de.dariah.eu/nexus/repository/minfba-central/'
}
......
......@@ -20,6 +20,6 @@ public class CustomAuthorizer extends ProfileAuthorizer<CommonProfile> {
return false;
}
//return StringUtils.startsWith(profile.getUsername(), "jle");
return false;
return true;
}
}
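Review bot: The final `return true;` now authorizes every profile that survives the earlier null check, while `//return StringUtils.startsWith(profile.getUsername(), "jle");` stays behind as dead code above it. If permit-all is the intended behaviour for this sample authorizer, delete the commented line and say so at the return, e.g. `// Sample authorizer: every authenticated profile is authorized; real deployments must restrict this`; otherwise this is where the role or username check belongs. The enclosing method starts outside the hunk, so I cannot see what the earlier `return false;` guards.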
......@@ -37,19 +37,18 @@ public class WebSecurityConfig {
final SecurityFilter filter = new SecurityFilter(config, enabledClientNames.stream().collect(Collectors.joining(",")));
// TODO: What happens if there is no client? Everything open or 403??
http
.requestMatchers()
.antMatchers("/saml/**", "/form/**")
.and()
.authorizeRequests()
.antMatchers("/saml/admin.html").hasRole("ADMIN")
.antMatchers("/saml/admin.html").hasRole("ADMINISTRATOR")
.antMatchers("/saml/**").authenticated()
.and()
.addFilterBefore(filter, BasicAuthenticationFilter.class)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
if (enabledClientNames.get(0).equals("FormClient")) {
if (!enabledClientNames.isEmpty() && enabledClientNames.get(0).equals("FormClient")) {
http.exceptionHandling().authenticationEntryPoint(new Pac4jEntryPoint(config, "FormClient"));
}
......
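Review bot: The new guard `if (!enabledClientNames.isEmpty() && enabledClientNames.get(0).equals("FormClient"))` only avoids the IndexOutOfBoundsException; the TODO above the `http` chain ("What happens if there is no client?") is still open, because the SecurityFilter is then built with an empty joined client string and `/saml/**` still demands `authenticated()`, so the result depends on how pac4j treats an empty client list. Failing fast is the clearer answer: `if (enabledClientNames.isEmpty()) { throw new IllegalStateException("No pac4j client is enabled; at least one is required for /saml/** and /form/**"); }` before the filter is created. Note also that `/form/**` is routed through this chain but receives no `authorizeRequests()` rule, so its protection rests entirely on the pac4j annotations on the controller; a comment at the matcher line would make that dependency explicit. The enclosing configure method starts and ends outside the hunk.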
package eu.dariah.de.dariahsp.sample.controller;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
......@@ -8,6 +10,7 @@ import org.springframework.boot.autoconfigure.web.ErrorProperties;
import org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController;
import org.springframework.boot.web.servlet.error.ErrorAttributes;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
......@@ -15,27 +18,31 @@ import org.springframework.web.servlet.ModelAndView;
@Controller
@RequestMapping({"${server.error.path:${error.path:/error}}"})
public class ErrorController extends BasicErrorController {
@Autowired
public ErrorController(ErrorAttributes errorAttributes) {
super(errorAttributes, new ErrorProperties());
}
@Autowired
public ErrorController(ErrorAttributes errorAttributes) {
super(errorAttributes, new ErrorProperties());
}
@RequestMapping(
produces = {"text/html"}
)
@Override
public ModelAndView errorHtml(HttpServletRequest request, HttpServletResponse response) {
final HttpStatus status = getStatus(request);
if (status == HttpStatus.UNAUTHORIZED) {
return new ModelAndView("error401");
} else if (status == HttpStatus.FORBIDDEN) {
return new ModelAndView("error403");
} else if (status == HttpStatus.NOT_FOUND) {
return new ModelAndView("error404");
} else if (status == HttpStatus.NO_CONTENT) {
return new ModelAndView("ok204");
} else {
return new ModelAndView("error500");
}
}
@Override
@RequestMapping(produces = {"text/html"})
public ModelAndView errorHtml(HttpServletRequest request, HttpServletResponse response) {
Map<String, Object> attr = getErrorAttributes(request, getErrorAttributeOptions(request, MediaType.ALL));
final HttpStatus status = getStatus(request);
if (status == HttpStatus.UNAUTHORIZED) {
return new ModelAndView("error401");
} else if (status == HttpStatus.FORBIDDEN) {
return new ModelAndView("error403");
} else if (status == HttpStatus.NOT_FOUND) {
return new ModelAndView("error404", attr);
} else {
return new ModelAndView("error500");
}
}
/* Do not do this in production as users should not see reasons openly */
@Override
protected boolean isIncludeMessage(HttpServletRequest request, MediaType produces) {
return true;
}
}
\ No newline at end of file
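Review bot: `isIncludeMessage` returning `true` unconditionally means exception messages reach the user-facing 404 view in every environment, with only the `/* Do not do this in production ... */` comment as a safeguard. The same development behaviour is available through the existing Spring Boot property: inject `ServerProperties serverProperties` into the constructor, call `super(errorAttributes, serverProperties.getError());`, drop the override, and set `server.error.include-message: always` in a dev profile only. If the override is kept, document its intended scope in a Javadoc `@implNote` rather than a bare comment, and confirm that the view escapes `message` before rendering it, since that text can contain request-derived data.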
package eu.dariah.de.dariahsp.sample.controller;
import java.util.Map;
import javax.websocket.server.PathParam;
import org.pac4j.core.client.Client;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.JEEContext;
......@@ -12,12 +9,11 @@ import org.pac4j.core.http.adapter.JEEHttpActionAdapter;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.util.Pac4jConstants;
import org.pac4j.http.client.indirect.FormClient;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.springframework.annotation.ui.RequireAllRoles;
import org.pac4j.springframework.annotation.ui.RequireAnyRole;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
......@@ -29,6 +25,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
import eu.dariah.de.dariahsp.sample.Constants;
import eu.dariah.de.dariahsp.sample.error.SAML2MetadataNotFoundException;
import eu.dariah.de.dariahsp.sample.metadata.MetadataHelper;
import eu.dariah.de.dariahsp.sample.error.AuthenticatorNotAvailable;
import eu.dariah.de.dariahsp.sample.error.NotFoundException;
@Controller
......@@ -52,6 +49,7 @@ public class SampleController {
return "home";
}
@RequireAllRoles("ROLE_CONTRIBUTOR")
@RequestMapping("/form/index.html")
public String form(Map<String, Object> map) {
return protectedIndex(map);
......@@ -67,11 +65,14 @@ public class SampleController {
@RequestMapping("/forceLogin")
@ResponseBody
public String forceLogin() {
final Client client = config.getClients().findClient(jeeContext.getRequestParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER).get()).get();
final String clientName = jeeContext.getRequestParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER).orElse("unknown");
final Client<?> client = config.getClients().findClient(clientName).orElse(null);
if (client==null) {
throw new AuthenticatorNotAvailable(clientName);
}
HttpAction action;
try {
action = (HttpAction) client.getRedirectionAction(jeeContext).get();
action = client.getRedirectionAction(jeeContext).orElseThrow(() -> new AuthenticatorNotAvailable(clientName));
} catch (final HttpAction e) {
action = e;
}
......@@ -79,6 +80,7 @@ public class SampleController {
return null;
}
@GetMapping(value = {"/metadata", "/metadata/{action}"}, produces = MediaType.APPLICATION_XML_VALUE)
public @ResponseBody String getMetadata(@PathVariable(required=false) String action) {
if (action!=null && !action.isEmpty() && !action.equals("generate") && !action.equals("filesystem")) {
......
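Review bot: In forceLogin the `.orElse("unknown")` fallback turns a missing client-name parameter into a lookup for a client literally named "unknown", so the resulting AuthenticatorNotAvailable reports "unknown" as if the caller had asked for it, and a client that happened to be configured under that name would be selected instead of rejected. Raise the error at the point where the parameter is found absent: `final String clientName = jeeContext.getRequestParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER).orElseThrow(() -> new AuthenticatorNotAvailable(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER + " parameter missing"));`. The replacement of the bare `Client` with `Client<?>` and of the unchecked `.get()` calls is a good change. forceLogin's tail (the `return null`) lies in the next hunk, and the method's start is outside this one.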
package eu.dariah.de.dariahsp.sample.error;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ResponseStatus;
import lombok.Data;
import lombok.EqualsAndHashCode;
@Data
@EqualsAndHashCode(callSuper=false)
@ResponseStatus(value=HttpStatus.NOT_FOUND, reason="Requested authenticator not available")
public class AuthenticatorNotAvailable extends RuntimeException {
private static final long serialVersionUID = 6000140564678387460L;
private final String authenticator;
public AuthenticatorNotAvailable(String authenticator) {
this.authenticator = authenticator;
}
}
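Review bot: The constructor never passes a message to `RuntimeException`, so a logged stack trace shows only the class name; `super("Authenticator not available: " + authenticator);` keeps the requested name in the log record. `@Data` is broader than an exception needs (it generates `equals`/`hashCode`, which is why `callSuper=false` has to be added); `@Getter` on the field expresses the intent with less surface. Because `authenticator` comes from a request parameter, the fixed `reason` on `@ResponseStatus` is what should reach the browser, and the field value should stay in logs rather than in any unescaped view text.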
......@@ -11,16 +11,20 @@ logging:
auth:
salt: Qmwp4CO7LDkOUDouAcCcUqd9ZGNbRG5Jyr5lpntOuB9
local:
enabled: false
enabled: true
# Same password for each user: 1234
users:
- username: 'admin'
passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
roles: ["ROLE_ADMINISTRATOR"]
- username: 'tgradl'
passhash: '$2a$10$EeajSQQUepa7H7.g4xQCaeO.hjUwh0yzYCMrfOkWCZGe1IiWaexa6'
- username: 'contributor'
passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
roles: ["ROLE_CONTRIBUTOR"]
- username: 'user'
passhash: '$2y$10$nmTcpRxs.RFUstkJJms6U.AW61Jmr64s9VNQLuhpU8gYrgzCapwka'
roles: ["ROLE_CONTRIBUTOR"]
saml:
enabled: true
enabled: false
keystore:
path: /data/_srv/dariahsp/c105-229.cloud.gwdg.de.jks
pass: clariah
......@@ -32,7 +36,7 @@ auth:
#metadataResource: /data/_srv/dariahsp/sp_metadata.xml
maxAuthAge: -1
#baseUrl: https://c105-229.cloud.gwdg.de/dme
entityId: ${auth.saml.sp.baseUrl}
#entityId: ${auth.saml.sp.baseUrl}
signMetadata: true
#signingMethods: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
#digestMethods: http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512
......
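Review bot: `local.enabled` is switched to `true` with three accounts that share one bcrypt hash whose plaintext is written in the file (`# Same password for each user: 1234`), one of them carrying `ROLE_ADMINISTRATOR`; as the committed default, any deployment that does not override this accepts admin/1234. Keep `enabled: false` in the default file and move the sample users into a dev-only profile (for example an `application-dev.yml`), or at least leave the administrator account out of the shared-hash set. The identical hash string on all three users also means the salt was copied rather than generated per user, which only matters if these values are ever reused outside a demo. The `user` account carries the same `ROLE_CONTRIBUTOR` as `contributor`, which looks like a copy-paste; confirm the intended role.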
......@@ -4,7 +4,7 @@
<appender name="Console"
class="ch.qos.logback.core.ConsoleAppender">
<layout class="ch.qos.logback.classic.PatternLayout">
<pattern>%d{yyyy-MM-dd} %d{HH:mm:ss.SSS} %thread | %5p %logger{36} - %m%n</pattern>
<pattern>%d{yyyy-MM-dd} %d{HH:mm:ss.SSS} %thread | %5p %logger{36}.%M\(%line\) - %m%n</pattern>
</layout>
</appender>
......
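Review bot: `%M` and `\(%line\)` in the new pattern make logback capture caller data (a stack walk) for every event, which is the most expensive conversion in the layout. That is fine for local development, but if this file is the one shipped, scope the two words to a development profile (for example a `<springProfile>` block in a logback-spring.xml) or drop them for production.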
<html>
<body>
<h1>not found</h1>
<h2>${message}</h2>
<br />
<a href="/">Home</a>
</body>
......
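Review bot: `<h2>${message}</h2>` renders the error message that ErrorController now attaches to the 404 model; whether this line is new or pre-existing is not recoverable from the rendering. That text can include request-derived content (the `reason` of a `@ResponseStatus` exception, or an exception message while `isIncludeMessage` returns true), so confirm that the template engine HTML-escapes `${message}` by default, or use its explicit escaping directive for this expression.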
<html>
<body>
<h1>no content available</h1>
<br />
<a href="/">Home</a>
</body>
</html>
\ No newline at end of file