[SHIBUI-1029]

Removed the attempt at throwing an Access Denied exception and creating
a handler for it as it never seemed to work.

Added in the EmailService.

pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java

@@ -6,14 +6,17 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.model.User;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
+import edu.internet2.tier.shibboleth.admin.ui.service.EmailService;
 import org.apache.commons.lang.RandomStringUtils;
 import org.apache.http.entity.ContentType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
-import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.bcrypt.BCrypt;
 
+import javax.mail.MessagingException;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -29,14 +32,18 @@
  */
 public class AddNewUserFilter implements Filter {
 
+    private static final Logger logger = LoggerFactory.getLogger(AddNewUserFilter.class);
+
     private static final String ROLE_NONE = "ROLE_NONE";
 
     private UserRepository userRepository;
     private RoleRepository roleRepository;
+    private EmailService emailService;
 
-    public AddNewUserFilter(UserRepository userRepository, RoleRepository roleRepository) {
+    public AddNewUserFilter(UserRepository userRepository, RoleRepository roleRepository, EmailService emailService) {
         this.userRepository = userRepository;
         this.roleRepository = roleRepository;
+        this.emailService = emailService;
     }
 
     @Override
@@ -59,26 +66,26 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
                     roleRepository.save(noRole);
                     user.getRoles().add(noRole);
                     userRepository.save(user);
-                    //TODO: Add call to email service here
+                    try {
+                        emailService.sendNewUserMail(username);
+                    } catch (MessagingException e) {
+                        logger.warn(String.format("Unable to send new user email for user [%s]", username), e);
+                    }
                 } else {
                     user = persistedUser.get();
                 }
                 if (user.getRole().equals(ROLE_NONE)) {
-                    throw new AccessDeniedException("DENIED!");
-/*                    response.setContentType(ContentType.APPLICATION_JSON.getMimeType());
+                    response.setContentType(ContentType.APPLICATION_JSON.getMimeType());
                     ((HttpServletResponse) response).setStatus(HttpStatus.FORBIDDEN.value());
                     response.getOutputStream().write(getJsonResponseBytes(
                             new ErrorResponse(String.valueOf(HttpStatus.FORBIDDEN.value()),
                                     "Your account is not yet authorized to access ShibUI.")));
                     ((HttpServletResponse) response).sendRedirect("/static.html");
-//                    return;*/
                 } else {
-                    chain.doFilter(request, response);// else, user is in the system already, carry on
+                    chain.doFilter(request, response); // else, user is in the system already, carry on
                 }
             }
         }
-
-//        chain.doFilter(request, response);
     }
 
     @Override

pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java

@@ -2,8 +2,8 @@
 
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
+import edu.internet2.tier.shibboleth.admin.ui.service.EmailService;
 import org.pac4j.core.config.Config;
-import org.pac4j.core.context.HttpConstants;
 import org.pac4j.springframework.security.web.CallbackFilter;
 import org.pac4j.springframework.security.web.SecurityFilter;
 import org.springframework.boot.autoconfigure.AutoConfigureOrder;
@@ -13,33 +13,15 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.access.AccessDeniedHandler;
-import org.springframework.security.web.access.AccessDeniedHandlerImpl;
-import org.springframework.security.web.access.ExceptionTranslationFilter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
-import org.springframework.web.bind.annotation.ExceptionHandler;
 
 @Configuration
 @AutoConfigureOrder(-1)
 public class WebSecurity {
     @Bean("webSecurityConfig")
-    public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository) {
-        return new Pac4jWebSecurityConfigurerAdapter(config, userRepository, roleRepository);
-    }
-
-    @Bean
-    @ExceptionHandler
-    public static AccessDeniedHandler accessDeniedHandler() {
-        return new net.unicon.shibui.pac4j.AccessDeniedHandler();
-    }
-
-    @Bean
-    public static ExceptionTranslationFilter exceptionTranslationFilter(AccessDeniedHandler accessDeniedHandler) {
-        ExceptionTranslationFilter exceptionTranslationFilter = new ExceptionTranslationFilter(new RestAuthenticationEntryPoint());
-        exceptionTranslationFilter.setAccessDeniedHandler(accessDeniedHandler);
-        exceptionTranslationFilter.afterPropertiesSet();
-        return exceptionTranslationFilter;
+    public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, EmailService emailService) {
+        return new Pac4jWebSecurityConfigurerAdapter(config, userRepository, roleRepository, emailService);
     }
 
     @Configuration
@@ -74,45 +56,28 @@ public static class Pac4jWebSecurityConfigurerAdapter extends WebSecurityConfigu
         private final Config config;
         private UserRepository userRepository;
         private RoleRepository roleRepository;
+        private EmailService emailService;
 
-        public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository) {
+        public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, EmailService emailService) {
             this.config = config;
             this.userRepository = userRepository;
             this.roleRepository = roleRepository;
+            this.emailService = emailService;
         }
 
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             final SecurityFilter securityFilter = new SecurityFilter(this.config, "Saml2Client");
 
             final CallbackFilter callbackFilter = new CallbackFilter(this.config);
-            // http.regexMatcher("/callback").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class);
             http.antMatcher("/**").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class)
                     .addFilterBefore(securityFilter, BasicAuthenticationFilter.class)
-                    .addFilterAfter(new AddNewUserFilter(userRepository, roleRepository), SecurityFilter.class)
-                    .addFilterAfter(exceptionTranslationFilter(accessDeniedHandler()), ExceptionTranslationFilter.class)
-                    .exceptionHandling().accessDeniedHandler(accessDeniedHandler());
-            http.authorizeRequests().anyRequest().fullyAuthenticated();
-
-//            http.addFilterBefore(securityFilter, BasicAuthenticationFilter.class);
+                    .addFilterAfter(new AddNewUserFilter(userRepository, roleRepository, emailService), SecurityFilter.class);
 
-//            http.addFilterAfter(new AddNewUserFilter(userRepository, roleRepository), SecurityFilter.class)
-//                    .exceptionHandling().accessDeniedHandler(accessDeniedHandler());
-
-
-/*
-            http.addFilterAfter(exceptionTranslationFilter(accessDeniedHandler()), ExceptionTranslationFilter.class);
-*/
-/*
-            ExceptionTranslationFilter customExceptionTranslationFilter = new ExceptionTranslationFilter(new RestAuthenticationEntryPoint());
-            customExceptionTranslationFilter.setAccessDeniedHandler(accessDeniedHandler);
-            http.addFilterAfter(customExceptionTranslationFilter, AddNewUserFilter.class);
-*/
+            http.authorizeRequests().anyRequest().fullyAuthenticated();
 
             http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
 
-            // http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
-
             http.csrf().disable();
             http.headers().frameOptions().disable();
         }
@@ -121,8 +86,6 @@ protected void configure(HttpSecurity http) throws Exception {
         public void configure(org.springframework.security.config.annotation.web.builders.WebSecurity web) throws Exception {
             super.configure(web);
 
-//            web.ignoring().antMatchers("/static.html");
-
             StrictHttpFirewall firewall = new StrictHttpFirewall();
             firewall.setAllowUrlEncodedSlash(true);
             web.httpFirewall(firewall);