SHIBUI-1744

Adjusting the configuration and setup
TIER · Jul 7, 2021 · 3bcc0c9 · 3bcc0c9
1 parent 6ff066f
commit 3bcc0c9
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 31 deletions.
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java
@@ -74,28 +74,31 @@ public void destroy() {
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        CommonProfile profile = (CommonProfile) authentication.getPrincipal();
-        if (profile != null) {
-            String username = getAttributeFromProfile(profile, "username");
-            if (username != null) {
-                Optional<User> persistedUser = userRepository.findByUsername(username);
-                User user;
-                if (!persistedUser.isPresent()) {
-                    user = buildAndPersistNewUserFromProfile(profile);
-                    emailService.ifPresent(e -> {
-                        try {
-                            e.sendNewUserMail(username);
-                        } catch (MessagingException e1) {
-                            log.warn(String.format("Unable to send new user email for user [%s]", username), e);
-                        }
-                    });
-                } else {
-                    user = persistedUser.get();
-                }
-                if (user.getRole().equals(ROLE_NONE)) {
-                    ((HttpServletResponse) response).sendRedirect("/unsecured/error.html");
-                } else {
-                    chain.doFilter(request, response); // else, user is in the system already, carry on
+        if (authentication != null) {
+            CommonProfile profile = (CommonProfile) authentication.getPrincipal();
+            if (profile != null) {
+                String username = getAttributeFromProfile(profile, "username");
+                if (username != null) {
+                    Optional<User> persistedUser = userRepository.findByUsername(username);
+                    User user;
+                    if (!persistedUser.isPresent()) {
+                        user = buildAndPersistNewUserFromProfile(profile);
+                        emailService.ifPresent(e -> {
+                            try {
+                                e.sendNewUserMail(username);
+                            }
+                            catch (MessagingException e1) {
+                                log.warn(String.format("Unable to send new user email for user [%s]", username), e);
+                            }
+                        });
+                    } else {
+                        user = persistedUser.get();
+                    }
+                    if (user.getRole().equals(ROLE_NONE)) {
+                        ((HttpServletResponse) response).sendRedirect("/unsecured/error.html");
+                    } else {
+                        chain.doFilter(request, response); // else, user is in the system already, carry on
+                    }
                 }
             }
         }

diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
@@ -103,7 +103,7 @@ public void validate(Credentials credentials, WebContext context, SessionStore s
 
         // configure the matcher for bypassing auth checks
         PathMatcher pm = new PathMatcher();
-        pm.setExcludedPaths(Lists.newArrayList("/favicon.ico", "/unsecured/**/*", "/error"));
+        pm.setExcludedPaths(Lists.newArrayList("/favicon.ico", "/unsecured/**/*", "/error", "/login", "/"));
         config.addMatcher("exclude-paths-matcher", pm);
 
         return config;

diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
@@ -29,10 +29,13 @@
 @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 @AutoConfigureAfter(EmailConfiguration.class)
 public class WebSecurity {
-    
+
     @Bean("webSecurityConfig")
-    public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, Optional<EmailService> emailService, Pac4jConfigurationProperties pac4jConfigurationProperties) {
-        return new Pac4jWebSecurityConfigurerAdapter(config, userRepository, roleRepository, emailService, pac4jConfigurationProperties);
+    public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config, UserRepository userRepository,
+                    RoleRepository roleRepository, Optional<EmailService> emailService,
+                    Pac4jConfigurationProperties pac4jConfigurationProperties) {
+        return new Pac4jWebSecurityConfigurerAdapter(config, userRepository, roleRepository, emailService,
+                        pac4jConfigurationProperties);
     }
 
     @Order(100)
@@ -43,7 +46,8 @@ public static class Pac4jWebSecurityConfigurerAdapter extends WebSecurityConfigu
         private Optional<EmailService> emailService;
         private Pac4jConfigurationProperties pac4jConfigurationProperties;
 
-        public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, Optional<EmailService> emailService, Pac4jConfigurationProperties pac4jConfigurationProperties) {
+        public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository,
+                        Optional<EmailService> emailService, Pac4jConfigurationProperties pac4jConfigurationProperties) {
             this.config = config;
             this.userRepository = userRepository;
             this.roleRepository = roleRepository;
@@ -54,12 +58,14 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository use
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             final SecurityFilter securityFilterForHeader = new SecurityFilter(this.config, Pac4jConfiguration.PAC4J_CLIENT_NAME);
-
+            securityFilterForHeader.setMatchers("exclude-paths-matcher");
+
             final CallbackFilter callbackFilter = new CallbackFilter(this.config);
+
             http.antMatcher("/**").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class)
-                                  .addFilterBefore(securityFilterForHeader, BasicAuthenticationFilter.class)
-                                  .addFilterAfter(new AddNewUserFilter(pac4jConfigurationProperties, userRepository, roleRepository, emailService), SecurityFilter.class);
-
+                            .addFilterBefore(securityFilterForHeader, BasicAuthenticationFilter.class)
+                            .addFilterAfter(new AddNewUserFilter(pac4jConfigurationProperties, userRepository, roleRepository,
+                                            emailService), SecurityFilter.class);
             http.authorizeRequests().anyRequest().fullyAuthenticated();
             http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
             http.csrf().disable();