demo adaption and test coverage

anhefti 2019-02-02 20:54:38 +01:00
parent 9d39e3ad1a
commit 0e97d1363a
4 changed files with 52 additions and 41 deletions


@ -152,6 +152,10 @@
<includes> <includes>
<include>ch/ethz/seb/sebserver/*</include> <include>ch/ethz/seb/sebserver/*</include>
</includes> </includes>
<excludes>
<exclude>ch/ethz/seb/sebserver/webservice/datalayer/batis/mapper</exclude>
<exclude>ch/ethz/seb/sebserver/webservice/datalayer/batis/model</exclude>
</excludes>
</configuration> </configuration>
<executions> <executions>
<execution> <execution>
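Review bot: The two new `<exclude>` entries carry no wildcard, so they probably match nothing. This assumes the block is the JaCoCo plugin configuration (the plugin element is outside the hunk), where patterns are matched against class-file paths; the neighbouring include is already written as `ch/ethz/seb/sebserver/*`. Writing them as `<exclude>ch/ethz/seb/sebserver/webservice/datalayer/batis/mapper/*</exclude>` and `<exclude>ch/ethz/seb/sebserver/webservice/datalayer/batis/model/*</exclude>` would actually remove those classes from the report. A one-line XML comment saying why these packages are left out (presumably generated MyBatis code) would stop a later reader from mistaking the exclusion for hidden untested logic.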


@ -17,8 +17,6 @@ import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.HttpClient; import org.apache.http.client.HttpClient;
@ -36,14 +34,10 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.client.ClientHttpRequestFactory; import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory; import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.util.ResourceUtils; import org.springframework.util.ResourceUtils;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
@ -92,40 +86,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements E
.antMatchers("/error"); .antMatchers("/error");
} }
@Override
public void configure(final HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.antMatcher("/**")
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(
new AuthenticationEntryPoint() {
@Override
public void commence(
final HttpServletRequest request,
final HttpServletResponse response,
final AuthenticationException authException) throws IOException, ServletException {
response.setStatus(HttpStatus.UNAUTHORIZED.value());
response.sendRedirect(WebSecurityConfig.this.unauthorizedRedirect);
}
})
.and()
.formLogin().disable()
.httpBasic().disable()
.logout().disable()
.headers().frameOptions().disable()
.and()
.csrf().disable();
}
@RequestMapping("/error") @RequestMapping("/error")
public void handleError(final HttpServletResponse response) throws IOException { public void handleError(final HttpServletResponse response) throws IOException {
response.setStatus(HttpStatus.NOT_FOUND.value()); response.setStatus(HttpStatus.NOT_FOUND.value());


@ -8,11 +8,22 @@
package ch.ethz.seb.sebserver.gui; package ch.ethz.seb.sebserver.gui;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher; import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher;
@ -26,6 +37,8 @@ public class GuiWebsecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${sebserver.gui.entrypoint}") @Value("${sebserver.gui.entrypoint}")
private String guiEndpointPath; private String guiEndpointPath;
@Value("${sebserver.webservice.api.redirect.unauthorized}")
private String unauthorizedRedirect;
/** Gui-service related public URLS from spring web security perspective */ /** Gui-service related public URLS from spring web security perspective */
public static final RequestMatcher PUBLIC_URLS = new OrRequestMatcher( public static final RequestMatcher PUBLIC_URLS = new OrRequestMatcher(
@ -42,4 +55,38 @@ public class GuiWebsecurityConfig extends WebSecurityConfigurerAdapter {
.requestMatchers(PUBLIC_URLS); .requestMatchers(PUBLIC_URLS);
} }
@Override
public void configure(final HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.antMatcher("/**")
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(
new AuthenticationEntryPoint() {
@Override
public void commence(
final HttpServletRequest request,
final HttpServletResponse response,
final AuthenticationException authException) throws IOException, ServletException {
response.setStatus(HttpStatus.UNAUTHORIZED.value());
response.sendRedirect(GuiWebsecurityConfig.this.unauthorizedRedirect);
}
})
.and()
.formLogin().disable()
.httpBasic().disable()
.logout().disable()
.headers().frameOptions().disable()
.and()
.csrf().disable();
}
} }
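Review bot: In `commence`, `response.setStatus(HttpStatus.UNAUTHORIZED.value())` has no lasting effect, because `sendRedirect` on the next line replaces the status with a 302, so an unauthenticated client never sees a 401. Pick the intended behaviour: keep only `response.sendRedirect(GuiWebsecurityConfig.this.unauthorizedRedirect);` for browser users, or answer with `response.sendError(HttpStatus.UNAUTHORIZED.value());`. The same chain disables `X-Frame-Options` and CSRF protection for every path under `/**`. If the GUI does not need to be framed by another origin, `.headers().frameOptions().sameOrigin()` is the safer setting. The `csrf().disable()` line deserves a comment recording the assumption it rests on, namely that with `SessionCreationPolicy.STATELESS` no cookie authenticates requests.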


@ -1,5 +1,5 @@
spring.application.name=SEB Server spring.application.name=SEB Server
spring.profiles.active=demo spring.profiles.active=dev
sebserver.version=1.0 beta sebserver.version=1.0 beta