diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
index 7e19425e7..8617bfa3b 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
@@ -26,9 +26,8 @@
 import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import java.util.Collections;
-
 import javax.transaction.Transactional;
+import java.util.Collections;
 /**
 * Web security configuration.
@@ -40,20 +39,29 @@ public class WebSecurityConfig {
 @Value("${shibui.roles.authenticated}")
 private String[] acceptedAuthenticationRoles;
+ @Value("${shibui.default-password:}")
+ private String defaultPassword;
+
 @Value("${shibui.logout-url:/dashboard}")
 private String logoutUrl;
- @Value("${shibui.default-password:}")
- private String defaultPassword;
+ @Autowired
+ private RoleRepository roleRepository;
+
+ @Value("${shibui.default-rootuser:root}")
+ private String rootUser;
 @Autowired
 private UserRepository userRepository;
 @Autowired
 private UserService userService;
-
- @Autowired
- private RoleRepository roleRepository;
+
+ @Bean
+ @Profile("!no-auth")
+ public AdminUserService adminUserService(UserRepository userRepository) {
+ return new AdminUserService(userRepository);
+ }
 private HttpFirewall allowUrlEncodedSlashHttpFirewall() {
 StrictHttpFirewall firewall = new StrictHttpFirewall();
@@ -62,8 +70,10 @@ private HttpFirewall allowUrlEncodedSlashHttpFirewall() {
 return firewall;
 }
- private HttpFirewall defaultFirewall() {
- return new DefaultHttpFirewall();
+ @Bean
+ @Profile("!no-auth")
+ public AuditorAware defaultAuditorAware() {
+ return new DefaultAuditorAware();
 }
 @Bean
@@ -94,9 +104,9 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 if (defaultPassword != null && !"".equals(defaultPassword)) {
 // TODO: yeah, this isn't good, but we gotta initialize this user for now
- User adminUser = userRepository.findByUsername("root").orElseGet(() ->{
+ User adminUser = userRepository.findByUsername(rootUser).orElseGet(() ->{
 User u = new User();
- u.setUsername("root");
+ u.setUsername(rootUser);
 u.setPassword(defaultPassword);
 u.setFirstName("admin");
 u.setLastName("user");
@@ -129,16 +139,8 @@ public void configure(WebSecurity web) throws Exception {
 };
 }
- @Bean
- @Profile("!no-auth")
- public AuditorAware defaultAuditorAware() {
- return new DefaultAuditorAware();
- }
-
- @Bean
- @Profile("!no-auth")
- public AdminUserService adminUserService(UserRepository userRepository) {
- return new AdminUserService(userRepository);
+ private HttpFirewall defaultFirewall() {
+ return new DefaultHttpFirewall();
 }
 @Bean
diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
index 400212d09..5b7b801f1 100644
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -59,7 +59,10 @@ shibui.logout-url=/dashboard
 # spring.profiles.active=default
-#shibui.default-password=
+## Default root user can be set in application.yml or here - setting in both places can be undeterministic
+## Default password must be set for the default user to be configured and setup
+#shibui.default-password={noop}somepassword
+shibui.default-rootuser=root
 shibui.metadata-sources-ui-schema-location=classpath:metadata-sources-ui-schema.json
 shibui.entity-attributes-filters-ui-schema-location=classpath:entity-attributes-filters-ui-schema.json
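Review bot: In `configure(AuthenticationManagerBuilder)` in WebSecurityConfig.java the guard `if (defaultPassword != null && !"".equals(defaultPassword))` checks only the password, so a blank `shibui.default-rootuser` would still reach `findByUsername(rootUser)` and `u.setUsername(rootUser)` and could bootstrap an account with an empty name. I would extend the guard to both values, e.g. `if (StringUtils.hasText(defaultPassword) && StringUtils.hasText(rootUser)) {` with Spring's `org.springframework.util.StringUtils`. Now that the name is configurable it can also match an account that already exists; what happens to the user returned by `orElseGet` is outside this hunk, so it is worth confirming that an existing account is not silently given the admin role or a new password. Separately, `u.setPassword(defaultPassword)` stores the property value as given although `passwordEncoder` is created three lines above; a short comment saying which form the property must have (already carrying an `{id}` prefix) would help the next reader.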
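Review bot: The sample `#shibui.default-password={noop}somepassword` in application.properties documents only the plaintext form, so a deployer who uncomments and edits it keeps the bootstrap admin password in clear text in the config file and, as far as this diff shows, in the stored user record. The comment could steer towards a hashed value instead, for example `## Prefer a hashed value such as {bcrypt}<hash>; {noop} keeps the password in plaintext`; the same applies to the `{noop}foopassword` sample in application.yml. Also, `shibui.default-rootuser=root` is added uncommented even though the `@Value` default in WebSecurityConfig is already `root`, which means anyone who sets the name in application.yml ends up with the two definitions the first comment warns about; leaving the line commented like the password would avoid that.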
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
index e9301289a..74ae43689 100644
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@@ -1,4 +1,8 @@
 #shibui:
+## Default password must be set for the default user to be configured and setup
+# default-rootuser:root
+## need to include the encoding for the password - be sure to quote the entire value as shown
+# default-password: "{noop}foopassword"
 # pac4j-enabled: true
 # pac4j:
 # keystorePath: "/etc/shibui/samlKeystore.jks"
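Review bot: The commented sample `default-rootuser:root` has no space after the colon, so once it is uncommented YAML does not read it as a key/value pair and the root user name is not set from this file as intended. It should be written `default-rootuser: root`, matching the `default-password: "..."` line below it. The first added comment sits above the user name although it talks about the password; a line such as `## Name of the bootstrap admin account (defaults to root)` above `default-rootuser` would describe it better.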