From f7da7116bdcf9eba713b3965d482c060cb0b9bcc Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 25 Aug 2021 10:07:50 -0700 Subject: [PATCH 1/5] NOJIRA default values (or lack of) causing issues --- .../configuration/auto/WebSecurityConfig.java | 48 +++++++++---------- .../src/main/resources/application.properties | 3 +- backend/src/main/resources/application.yml | 1 + 3 files changed, 27 insertions(+), 25 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java index 3d66de957..a5144dc6a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java @@ -9,7 +9,6 @@ import edu.internet2.tier.shibboleth.admin.ui.security.springsecurity.AdminUserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.autoconfigure.AutoConfigureBefore; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -27,9 +26,8 @@ import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import java.util.Collections; - import javax.transaction.Transactional; +import java.util.Collections; /** * Web security configuration. 
@@ -38,20 +36,29 @@ @ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class) public class WebSecurityConfig { + @Value("${shibui.default-password:}") + private String defaultPassword; + @Value("${shibui.logout-url:/dashboard}") private String logoutUrl; - @Value("${shibui.default-password:}") - private String defaultPassword; + @Autowired + private RoleRepository roleRepository; + + @Value("${shibui.default-rootuser:root}") + private String rootUser; @Autowired private UserRepository userRepository; @Autowired private UserService userService; - - @Autowired - private RoleRepository roleRepository; + + @Bean + @Profile("!no-auth") + public AdminUserService adminUserService(UserRepository userRepository) { + return new AdminUserService(userRepository); + } private HttpFirewall allowUrlEncodedSlashHttpFirewall() { StrictHttpFirewall firewall = new StrictHttpFirewall(); @@ -60,8 +67,10 @@ private HttpFirewall allowUrlEncodedSlashHttpFirewall() { return firewall; } - private HttpFirewall defaultFirewall() { - return new DefaultHttpFirewall(); + @Bean + @Profile("!no-auth") + public AuditorAware defaultAuditorAware() { + return new DefaultAuditorAware(); } @Bean @@ -92,9 +101,9 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception { PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); if (defaultPassword != null && !"".equals(defaultPassword)) { // TODO: yeah, this isn't good, but we gotta initialize this user for now - User adminUser = userRepository.findByUsername("root").orElseGet(() ->{ + User adminUser = userRepository.findByUsername(rootUser).orElseGet(() ->{ User u = new User(); - u.setUsername("root"); + u.setUsername(rootUser); u.setPassword(defaultPassword); u.setFirstName("admin"); u.setLastName("user"); 
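Review bot: In the `configure(AuthenticationManagerBuilder auth)` hunk, `rootUser` reaches `findByUsername(rootUser)` and `u.setUsername(rootUser)` without a blank check; the surrounding guard only tests `defaultPassword`. A deployment that sets `shibui.default-rootuser=` to an empty value would look up or create an account with an empty username, so the guard should cover both values: `if (defaultPassword != null && !"".equals(defaultPassword) && rootUser != null && !rootUser.trim().isEmpty()) {`. Because the name is now configurable, `orElseGet` can also match an existing ordinary account; the code after the lambda is outside this hunk, so confirm that pointing the property at an existing username cannot change that account's role. A short comment on the `rootUser` field would help operators, for example `// bootstrap admin account name; only used when shibui.default-password is set`.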
@@ -127,16 +136,8 @@ public void configure(WebSecurity web) throws Exception { }; } - @Bean - @Profile("!no-auth") - public AuditorAware defaultAuditorAware() { - return new DefaultAuditorAware(); - } - - @Bean - @Profile("!no-auth") - public AdminUserService adminUserService(UserRepository userRepository) { - return new AdminUserService(userRepository); + private HttpFirewall defaultFirewall() { + return new DefaultHttpFirewall(); } @Bean @@ -157,5 +158,4 @@ public void configure(WebSecurity web) throws Exception { } }; } -} - +} \ No newline at end of file diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index 83f2635e0..1960625fc 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -59,6 +59,7 @@ shibui.logout-url=/dashboard # spring.profiles.active=default #shibui.default-password= +shibui.default-rootuser=root shibui.metadata-sources-ui-schema-location=classpath:metadata-sources-ui-schema.json shibui.entity-attributes-filters-ui-schema-location=classpath:entity-attributes-filters-ui-schema.json @@ -97,4 +98,4 @@ shibui.roles=ROLE_ADMIN,ROLE_USER,ROLE_NONE #This property must be set to true in order to enable posting stats to beacon endpoint. Furthermore, appropriate #environment variables must be set for beacon publisher to be used (the ones that are set when running shib-ui in #docker container -shibui.beacon-enabled=true +shibui.beacon-enabled=true \ No newline at end of file diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index e9301289a..d1fea58e5 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml @@ -1,4 +1,5 @@ #shibui: +# default-rootuser=root # pac4j-enabled: true # pac4j: # keystorePath: "/etc/shibui/samlKeystore.jks" From 4a78132095615f3bf44ec5cdd15ff7ccafa7363e Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Wed, 25 Aug 2021 10:10:55 -0700 Subject: [PATCH 2/5] SHIBUI-1746 Default user configuration --- backend/src/main/resources/application.properties | 1 + backend/src/main/resources/application.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index 1960625fc..b6d9a4627 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -58,6 +58,7 @@ shibui.logout-url=/dashboard # spring.profiles.active=default +## Default password must be set for the default user to be configured and setup #shibui.default-password= shibui.default-rootuser=root diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index d1fea58e5..ca482f2ac 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml @@ -1,5 +1,7 @@ #shibui: +## Default password must be set for the default user to be configured and setup # default-rootuser=root +# default-password= # pac4j-enabled: true # pac4j: # keystorePath: "/etc/shibui/samlKeystore.jks" From 5cf1f3c1d3afcfceaa12869dfdbf239be55a9e99 Mon Sep 17 00:00:00 2001 From: Charles Hasegawa Date: Thu, 2 Sep 2021 16:38:28 +0000 Subject: [PATCH 3/5] SHIBUI-1746 application.yml cleanup of comments --- backend/src/main/resources/application.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index ca482f2ac..f15f39cda 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml 
@@ -1,7 +1,8 @@ #shibui: ## Default password must be set for the default user to be configured and setup -# default-rootuser=root -# default-password= +# default-rootuser:root +## need to include the encoding for the password +# default-password:{noop}foopassword # pac4j-enabled: true # pac4j: # keystorePath: "/etc/shibui/samlKeystore.jks" From 0c7184d239a23fbe124ea461a85e1cb67eb8afa7 Mon Sep 17 00:00:00 2001 From: Charles Hasegawa Date: Thu, 2 Sep 2021 16:50:53 +0000 Subject: [PATCH 4/5] SHIBUI-1746 application.properties comments added --- backend/src/main/resources/application.properties | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index 0a92160c1..5b7b801f1 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -59,8 +59,9 @@ shibui.logout-url=/dashboard # spring.profiles.active=default +## Default root user can be set in application.yml or here - setting in both places can be undeterministic ## Default password must be set for the default user to be configured and setup -#shibui.default-password= +#shibui.default-password={noop}somepassword shibui.default-rootuser=root shibui.metadata-sources-ui-schema-location=classpath:metadata-sources-ui-schema.json From ee656196fe345ee6f5cd8a6b3c39c5a9a92db0e3 Mon Sep 17 00:00:00 2001 From: Charles Hasegawa Date: Thu, 2 Sep 2021 16:59:46 +0000 Subject: [PATCH 5/5] SHIBUI-1746 application.yml comment --- backend/src/main/resources/application.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index f15f39cda..74ae43689 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml 
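Review bot: The sample `# default-password:{noop}foopassword` in the application.yml hunk presents clear-text storage as the normal way to set the bootstrap admin password. The value goes to a delegating password encoder (created in WebSecurityConfig in patch 1), so the comment could show a hashed form and mark `{noop}` as test-only, for example `## value must carry an encoder id, e.g. "{bcrypt}<bcrypt-hash>"; {noop} keeps the password in clear text and is for local testing only`. The application.properties hunk in patch 4 repeats the same `{noop}somepassword` example. Separately, `# default-rootuser:root` has no space after the colon, so if uncommented YAML would read it as a single scalar rather than a key and value; `#  default-rootuser: root` is the form that parses.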
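Review bot: The added comment in the application.properties hunk calls setting the root user in both files "undeterministic", which leaves an operator unsure which account name is actually the bootstrap admin. Spring Boot applies a defined order when application.properties and application.yml sit in the same location (in current versions the .properties value wins; confirm for the Boot version this project pins). Since `shibui.default-rootuser=root` is set uncommented here, a value in application.yml would likely be overridden without any warning. The comment could say so directly, for example `## If set both here and in application.yml, the value in this file takes precedence`.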
@@ -1,8 +1,8 @@
 #shibui:
 ## Default password must be set for the default user to be configured and setup
 # default-rootuser:root
-## need to include the encoding for the password
-# default-password:{noop}foopassword
+## need to include the encoding for the password - be sure to quote the entire value as shown
+# default-password: "{noop}foopassword"
 # pac4j-enabled: true
 # pac4j:
 # keystorePath: "/etc/shibui/samlKeystore.jks"