2018-11-15 11:24:18 +01:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2018 ETH Zürich, Educational Development and Technology (LET)
|
|
|
|
|
*
|
|
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
package ch.ethz.seb.sebserver;
|
|
|
|
|
|
2019-01-28 16:58:06 +01:00
|
|
|
import java.io.IOException;
|
|
|
|
|
|
|
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
|
|
|
|
|
import org.springframework.beans.factory.annotation.Value;
|
2019-03-12 11:34:01 +01:00
|
|
|
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
2019-01-28 16:58:06 +01:00
|
|
|
import org.springframework.boot.web.servlet.error.ErrorController;
|
2018-11-15 11:24:18 +01:00
|
|
|
import org.springframework.context.annotation.Bean;
|
|
|
|
|
import org.springframework.context.annotation.Configuration;
|
2019-01-28 16:58:06 +01:00
|
|
|
import org.springframework.core.annotation.Order;
|
2019-05-09 11:26:11 +02:00
|
|
|
import org.springframework.http.HttpHeaders;
|
2019-01-28 16:58:06 +01:00
|
|
|
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
|
|
|
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
2018-11-15 11:24:18 +01:00
|
|
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
|
|
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
2019-01-28 16:58:06 +01:00
|
|
|
import org.springframework.web.bind.annotation.RequestMapping;
|
|
|
|
|
import org.springframework.web.bind.annotation.RestController;
|
2019-03-12 11:34:01 +01:00
|
|
|
import org.springframework.web.filter.CharacterEncodingFilter;
|
2018-11-15 11:24:18 +01:00
|
|
|
|
2019-08-08 20:35:57 +02:00
|
|
|
import ch.ethz.seb.sebserver.gbl.api.API;
|
2018-11-15 11:24:18 +01:00
|
|
|
import ch.ethz.seb.sebserver.gbl.profile.GuiProfile;
|
|
|
|
|
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
|
|
|
|
|
|
|
|
|
/** This is the overall seb-server Spring web-configuration that is loaded for all profiles.
|
|
|
|
|
* Defines some overall web-security beans needed on both -- web-service and web-gui -- profiles */
|
|
|
|
|
@Configuration
|
|
|
|
|
@WebServiceProfile
|
|
|
|
|
@GuiProfile
|
2019-01-28 16:58:06 +01:00
|
|
|
@RestController
|
2019-05-09 11:26:11 +02:00
|
|
|
@Order(7)
|
2019-01-28 16:58:06 +01:00
|
|
|
public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements ErrorController {
|
|
|
|
|
|
2019-07-18 12:35:36 +02:00
|
|
|
@Value("${sebserver.webservice.http.redirect.gui}")
|
|
|
|
|
private String guiRedirect;
|
2019-06-03 11:44:55 +02:00
|
|
|
@Value("${sebserver.webservice.api.exam.endpoint.discovery}")
|
|
|
|
|
private String examAPIDiscoveryEndpoint;
|
2019-08-08 20:35:57 +02:00
|
|
|
@Value("${sebserver.webservice.api.admin.endpoint}")
|
|
|
|
|
private String adminAPIEndpoint;
|
2018-11-15 11:24:18 +01:00
|
|
|
|
|
|
|
|
/** Spring bean name of user password encoder */
|
|
|
|
|
public static final String USER_PASSWORD_ENCODER_BEAN_NAME = "userPasswordEncoder";
|
|
|
|
|
/** Spring bean name of client (application) password encoder */
|
|
|
|
|
public static final String CLIENT_PASSWORD_ENCODER_BEAN_NAME = "clientPasswordEncoder";
|
|
|
|
|
|
2019-03-12 11:34:01 +01:00
|
|
|
@Bean
|
|
|
|
|
public FilterRegistrationBean<CharacterEncodingFilter> filterRegistrationBean() {
|
|
|
|
|
final FilterRegistrationBean<CharacterEncodingFilter> registrationBean = new FilterRegistrationBean<>();
|
|
|
|
|
final CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
|
|
|
|
|
characterEncodingFilter.setForceEncoding(true);
|
|
|
|
|
characterEncodingFilter.setEncoding("UTF-8");
|
|
|
|
|
registrationBean.setFilter(characterEncodingFilter);
|
|
|
|
|
return registrationBean;
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-15 11:24:18 +01:00
|
|
|
/** Password encoder used for user passwords (stronger protection) */
|
|
|
|
|
@Bean(USER_PASSWORD_ENCODER_BEAN_NAME)
|
|
|
|
|
public PasswordEncoder userPasswordEncoder() {
|
|
|
|
|
return new BCryptPasswordEncoder(8);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Password encode used for client (application) passwords */
|
|
|
|
|
@Bean(CLIENT_PASSWORD_ENCODER_BEAN_NAME)
|
|
|
|
|
public PasswordEncoder clientPasswordEncoder() {
|
|
|
|
|
return new BCryptPasswordEncoder(4);
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-28 16:58:06 +01:00
|
|
|
@Override
|
|
|
|
|
public void configure(final WebSecurity web) {
|
|
|
|
|
web
|
|
|
|
|
.ignoring()
|
2019-02-10 21:07:15 +01:00
|
|
|
.antMatchers("/error")
|
2019-07-10 12:08:08 +02:00
|
|
|
.antMatchers(this.examAPIDiscoveryEndpoint)
|
2020-01-23 16:46:05 +01:00
|
|
|
.antMatchers(this.adminAPIEndpoint + API.INFO_ENDPOINT + API.LOGO_PATH_SEGMENT + "/**")
|
|
|
|
|
.antMatchers(this.adminAPIEndpoint + API.INFO_ENDPOINT + API.INFO_INST_PATH_SEGMENT + "/**")
|
|
|
|
|
.antMatchers(this.adminAPIEndpoint + API.REGISTER_ENDPOINT);
|
2019-07-10 12:08:08 +02:00
|
|
|
}
|
|
|
|
|
|
2019-01-28 16:58:06 +01:00
|
|
|
@RequestMapping("/error")
|
|
|
|
|
public void handleError(final HttpServletResponse response) throws IOException {
|
2019-07-10 12:08:08 +02:00
|
|
|
//response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
|
2019-07-18 12:35:36 +02:00
|
|
|
response.setHeader(HttpHeaders.LOCATION, this.guiRedirect);
|
2019-05-09 11:26:11 +02:00
|
|
|
response.flushBuffer();
|
2019-01-28 16:58:06 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public String getErrorPath() {
|
|
|
|
|
return "/error";
|
|
|
|
|
}
|
2018-11-15 11:24:18 +01:00
|
|
|
}
|
