Skip to content

Commit

Permalink
Merged in feature/shibui-1746 (pull request #518)
Browse files Browse the repository at this point in the history 
SHIBUI-1746 (set default root user)

Approved-by: Bill Smith
Approved-by: Jonathan Johnson
  • Loading branch information
@chasegawa
chasegawa authored and Jonathan Johnson committed Sep 2, 2021
2 parents fe83c5a + ee65619 commit 12f7c03
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 22 deletions.
44 changes: 23 additions & 21 deletions ...ain/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,8 @@
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import java.util.Collections;

import javax.transaction.Transactional;
import java.util.Collections;

/**
* Web security configuration.
Expand All @@ -40,20 +39,29 @@ public class WebSecurityConfig {
@Value("${shibui.roles.authenticated}")
private String[] acceptedAuthenticationRoles;

@Value("${shibui.default-password:}")
private String defaultPassword;

@Value("${shibui.logout-url:/dashboard}")
private String logoutUrl;

@Value("${shibui.default-password:}")
private String defaultPassword;
@Autowired
private RoleRepository roleRepository;

@Value("${shibui.default-rootuser:root}")
private String rootUser;

@Autowired
private UserRepository userRepository;

@Autowired
private UserService userService;

@Autowired
private RoleRepository roleRepository;

@Bean
@Profile("!no-auth")
public AdminUserService adminUserService(UserRepository userRepository) {
return new AdminUserService(userRepository);
}

private HttpFirewall allowUrlEncodedSlashHttpFirewall() {
StrictHttpFirewall firewall = new StrictHttpFirewall();
Expand All @@ -62,8 +70,10 @@ private HttpFirewall allowUrlEncodedSlashHttpFirewall() {
return firewall;
}

private HttpFirewall defaultFirewall() {
return new DefaultHttpFirewall();
@Bean
@Profile("!no-auth")
public AuditorAware<String> defaultAuditorAware() {
return new DefaultAuditorAware();
}

@Bean
Expand Down Expand Up @@ -94,9 +104,9 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
if (defaultPassword != null && !"".equals(defaultPassword)) {
// TODO: yeah, this isn't good, but we gotta initialize this user for now
User adminUser = userRepository.findByUsername("root").orElseGet(() ->{
User adminUser = userRepository.findByUsername(rootUser).orElseGet(() ->{
User u = new User();
u.setUsername("root");
u.setUsername(rootUser);
u.setPassword(defaultPassword);
u.setFirstName("admin");
u.setLastName("user");
Expand Down Expand Up @@ -129,16 +139,8 @@ public void configure(WebSecurity web) throws Exception {
};
}

@Bean
@Profile("!no-auth")
public AuditorAware<String> defaultAuditorAware() {
return new DefaultAuditorAware();
}

@Bean
@Profile("!no-auth")
public AdminUserService adminUserService(UserRepository userRepository) {
return new AdminUserService(userRepository);
private HttpFirewall defaultFirewall() {
return new DefaultHttpFirewall();
}

@Bean
Expand Down
5 changes: 4 additions & 1 deletion backend/src/main/resources/application.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,10 @@ shibui.logout-url=/dashboard

# spring.profiles.active=default

#shibui.default-password=
## Default root user can be set in application.yml or here - setting in both places can be undeterministic
## Default password must be set for the default user to be configured and setup
#shibui.default-password={noop}somepassword
shibui.default-rootuser=root

shibui.metadata-sources-ui-schema-location=classpath:metadata-sources-ui-schema.json
shibui.entity-attributes-filters-ui-schema-location=classpath:entity-attributes-filters-ui-schema.json
Expand Down
4 changes: 4 additions & 0 deletions backend/src/main/resources/application.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
#shibui:
## Default password must be set for the default user to be configured and setup
# default-rootuser:root
## need to include the encoding for the password - be sure to quote the entire value as shown
# default-password: "{noop}foopassword"
# pac4j-enabled: true
# pac4j:
# keystorePath: "/etc/shibui/samlKeystore.jks"
Expand Down

0 comments on commit 12f7c03

Please sign in to comment.