demo adaption and test coverage

2019-02-02 20:54:38 +01:00 · 2019-02-02 20:54:38 +01:00 · 0e97d1363a
commit 0e97d1363a
parent 9d39e3ad1a
4 changed files with 52 additions and 41 deletions
--- a/pom.xml
+++ b/pom.xml
@ -152,6 +152,10 @@
              <includes>
                <include>ch/ethz/seb/sebserver/*</include>
              </includes>
+              <excludes>
+                <exclude>ch/ethz/seb/sebserver/webservice/datalayer/batis/mapper</exclude>
+                <exclude>ch/ethz/seb/sebserver/webservice/datalayer/batis/model</exclude>
+              </excludes>
            </configuration>
            <executions>
              <execution>
--- a/src/main/java/ch/ethz/seb/sebserver/WebSecurityConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/WebSecurityConfig.java
@ -17,8 +17,6 @@ import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;

 import javax.net.ssl.SSLContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.apache.http.client.HttpClient;
@ -36,14 +34,10 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.client.ClientHttpRequestFactory;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.http.client.SimpleClientHttpRequestFactory;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.util.ResourceUtils;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@ -92,40 +86,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements E
                .antMatchers("/error");
    }

-    @Override
-    public void configure(final HttpSecurity http) throws Exception {
-        http
-                .sessionManagement()
-                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and()
-                .antMatcher("/**")
-                .authorizeRequests()
-                .anyRequest()
-                .authenticated()
-                .and()
-                .exceptionHandling()
-                .authenticationEntryPoint(
-                        new AuthenticationEntryPoint() {
-
-                            @Override
-                            public void commence(
-                                    final HttpServletRequest request,
-                                    final HttpServletResponse response,
-                                    final AuthenticationException authException) throws IOException, ServletException {
-
-                                response.setStatus(HttpStatus.UNAUTHORIZED.value());
-                                response.sendRedirect(WebSecurityConfig.this.unauthorizedRedirect);
-                            }
-                        })
-                .and()
-                .formLogin().disable()
-                .httpBasic().disable()
-                .logout().disable()
-                .headers().frameOptions().disable()
-                .and()
-                .csrf().disable();
-    }
-
    @RequestMapping("/error")
    public void handleError(final HttpServletResponse response) throws IOException {
        response.setStatus(HttpStatus.NOT_FOUND.value());
--- a/src/main/java/ch/ethz/seb/sebserver/gui/GuiWebsecurityConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/GuiWebsecurityConfig.java
@ -8,11 +8,22 @@

 package ch.ethz.seb.sebserver.gui;

+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@ -26,6 +37,8 @@ public class GuiWebsecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${sebserver.gui.entrypoint}")
    private String guiEndpointPath;
+    @Value("${sebserver.webservice.api.redirect.unauthorized}")
+    private String unauthorizedRedirect;

    /** Gui-service related public URLS from spring web security perspective */
    public static final RequestMatcher PUBLIC_URLS = new OrRequestMatcher(
@ -42,4 +55,38 @@ public class GuiWebsecurityConfig extends WebSecurityConfigurerAdapter {
                .requestMatchers(PUBLIC_URLS);
    }

+    @Override
+    public void configure(final HttpSecurity http) throws Exception {
+        http
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .antMatcher("/**")
+                .authorizeRequests()
+                .anyRequest()
+                .authenticated()
+                .and()
+                .exceptionHandling()
+                .authenticationEntryPoint(
+                        new AuthenticationEntryPoint() {
+
+                            @Override
+                            public void commence(
+                                    final HttpServletRequest request,
+                                    final HttpServletResponse response,
+                                    final AuthenticationException authException) throws IOException, ServletException {
+
+                                response.setStatus(HttpStatus.UNAUTHORIZED.value());
+                                response.sendRedirect(GuiWebsecurityConfig.this.unauthorizedRedirect);
+                            }
+                        })
+                .and()
+                .formLogin().disable()
+                .httpBasic().disable()
+                .logout().disable()
+                .headers().frameOptions().disable()
+                .and()
+                .csrf().disable();
+    }
+
 }
--- a/src/main/resources/config/application.properties
+++ b/src/main/resources/config/application.properties
@ -1,5 +1,5 @@
 spring.application.name=SEB Server
-spring.profiles.active=demo
+spring.profiles.active=dev

 sebserver.version=1.0 beta