zervo/seb-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
seb-server/src/main/java/ch/ethz/seb/sebserver/WebSecurityConfig.java
anhefti 2f64cf92e0 registration page
2020-01-23 16:46:05 +01:00

99 lines
4.3 KiB
Java
Raw Blame History

/*
* Copyright (c) 2018 ETH Zürich, Educational Development and Technology (LET)
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
package ch.ethz.seb.sebserver;
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.error.ErrorController;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpHeaders;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.filter.CharacterEncodingFilter;
import ch.ethz.seb.sebserver.gbl.api.API;
import ch.ethz.seb.sebserver.gbl.profile.GuiProfile;
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
/** This is the overall seb-server Spring web-configuration that is loaded for all profiles.
* Defines some overall web-security beans needed on both -- web-service and web-gui -- profiles */
@Configuration
@WebServiceProfile
@GuiProfile
@RestController
@Order(7)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements ErrorController {
@Value("${sebserver.webservice.http.redirect.gui}")
private String guiRedirect;
@Value("${sebserver.webservice.api.exam.endpoint.discovery}")
private String examAPIDiscoveryEndpoint;
@Value("${sebserver.webservice.api.admin.endpoint}")
private String adminAPIEndpoint;
/** Spring bean name of user password encoder */
public static final String USER_PASSWORD_ENCODER_BEAN_NAME = "userPasswordEncoder";
/** Spring bean name of client (application) password encoder */
public static final String CLIENT_PASSWORD_ENCODER_BEAN_NAME = "clientPasswordEncoder";
@Bean
public FilterRegistrationBean<CharacterEncodingFilter> filterRegistrationBean() {
final FilterRegistrationBean<CharacterEncodingFilter> registrationBean = new FilterRegistrationBean<>();
final CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
characterEncodingFilter.setForceEncoding(true);
characterEncodingFilter.setEncoding("UTF-8");
registrationBean.setFilter(characterEncodingFilter);
return registrationBean;
}
/** Password encoder used for user passwords (stronger protection) */
@Bean(USER_PASSWORD_ENCODER_BEAN_NAME)
public PasswordEncoder userPasswordEncoder() {
return new BCryptPasswordEncoder(8);
}
/** Password encode used for client (application) passwords */
@Bean(CLIENT_PASSWORD_ENCODER_BEAN_NAME)
public PasswordEncoder clientPasswordEncoder() {
return new BCryptPasswordEncoder(4);
}
@Override
public void configure(final WebSecurity web) {
web
.ignoring()
.antMatchers("/error")
.antMatchers(this.examAPIDiscoveryEndpoint)
.antMatchers(this.adminAPIEndpoint + API.INFO_ENDPOINT + API.LOGO_PATH_SEGMENT + "/**")
.antMatchers(this.adminAPIEndpoint + API.INFO_ENDPOINT + API.INFO_INST_PATH_SEGMENT + "/**")
.antMatchers(this.adminAPIEndpoint + API.REGISTER_ENDPOINT);
}
@RequestMapping("/error")
public void handleError(final HttpServletResponse response) throws IOException {
//response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
response.setHeader(HttpHeaders.LOCATION, this.guiRedirect);
response.flushBuffer();
}
@Override
public String getErrorPath() {
return "/error";
}
}
Reference in a new issue View git blame Copy permalink