From 3bcc0c93adddb97b4e1875584d143f2cfb67fb7c Mon Sep 17 00:00:00 2001
From: chasegawa
Date: Wed, 7 Jul 2021 15:58:29 -0700
Subject: [PATCH] SHIBUI-1744 Adjusting the configuration and setup
---
.../unicon/shibui/pac4j/AddNewUserFilter.java | 47 ++++++++++---------
.../shibui/pac4j/Pac4jConfiguration.java | 2 +-
.../net/unicon/shibui/pac4j/WebSecurity.java | 22 +++++----
3 files changed, 40 insertions(+), 31 deletions(-)
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java
index 7ca2c3676..aca51e6fc 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java
@@ -74,28 +74,31 @@ public void destroy() { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); - CommonProfile profile = (CommonProfile) authentication.getPrincipal(); - if (profile != null) { - String username = getAttributeFromProfile(profile, "username"); - if (username != null) { - Optional persistedUser = userRepository.findByUsername(username); - User user; - if (!persistedUser.isPresent()) { - user = buildAndPersistNewUserFromProfile(profile); - emailService.ifPresent(e -> { - try { - e.sendNewUserMail(username); - } catch (MessagingException e1) { - log.warn(String.format("Unable to send new user email for user [%s]", username), e); - } - }); - } else { - user = persistedUser.get(); - } - if (user.getRole().equals(ROLE_NONE)) { - ((HttpServletResponse) response).sendRedirect("/unsecured/error.html"); - } else { - chain.doFilter(request, response); // else, user is in the system already, carry on + if (authentication != null) { + CommonProfile profile = (CommonProfile) authentication.getPrincipal(); + if (profile != null) { + String username = getAttributeFromProfile(profile, "username"); + if (username != null) { + Optional persistedUser = userRepository.findByUsername(username); + User user; + if (!persistedUser.isPresent()) { + user = buildAndPersistNewUserFromProfile(profile); + emailService.ifPresent(e -> { + try { + e.sendNewUserMail(username); + } + catch (MessagingException e1) { + log.warn(String.format("Unable to send new user email for user [%s]", username), e); + } + }); + } else { + user = persistedUser.get(); + } + if (user.getRole().equals(ROLE_NONE)) { + ((HttpServletResponse) response).sendRedirect("/unsecured/error.html"); + } else { + chain.doFilter(request, response); // else, user is in the system already, carry on + } } } } 
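Review bot: When `authentication`, `profile` or `username` is null, the new guard lets doFilter return without calling `chain.doFilter` or writing a response, so a request that reaches this filter unauthenticated gets an empty reply rather than an explicit outcome. Unless code after the hunk handles it (the method's closing brace is outside the hunk), add a branch that states the intended policy, e.g. `else { ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED); }`, or continue the chain if the access rules further down the filter chain are meant to decide. Separately, the catch block logs `e`, which is the email-service lambda parameter and not the caught exception; `log.warn(String.format("Unable to send new user email for user [%s]", username), e1);` keeps the stack trace. The cast `(CommonProfile) authentication.getPrincipal()` is also unchecked, so an `instanceof` test before it would avoid a ClassCastException if another principal type ever reaches this filter.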
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java index 4b0939acc..f8f5f6a55 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java @@ -103,7 +103,7 @@ public void validate(Credentials credentials, WebContext context, SessionStore s // configure the matcher for bypassing auth checks PathMatcher pm = new PathMatcher(); - pm.setExcludedPaths(Lists.newArrayList("/favicon.ico", "/unsecured/**/*", "/error")); + pm.setExcludedPaths(Lists.newArrayList("/favicon.ico", "/unsecured/**/*", "/error", "/login", "/")); config.addMatcher("exclude-paths-matcher", pm); return config; diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java index c29f170c3..882c33df9 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java 
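Review bot: The exclusion list in the `@@ -103,7 +103,7 @@` hunk now bypasses the pac4j check for `/` and `/login`, and nothing in the hunk records whether entries are matched exactly or as patterns. If `PathMatcher` were to treat `/` as a prefix, every path would skip the check, so it is worth confirming the matching semantics for the pac4j version in use and covering it with a test that a protected path is still challenged. I would add a comment above the call such as `// "/" and "/login" are reachable before authentication; entries are expected to match only these exact paths - verify when upgrading pac4j`. The enclosing method starts outside the hunk.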
@@ -29,10 +29,13 @@ @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true") @AutoConfigureAfter(EmailConfiguration.class) public class WebSecurity { - + @Bean("webSecurityConfig") - public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, Optional emailService, Pac4jConfigurationProperties pac4jConfigurationProperties) { - return new Pac4jWebSecurityConfigurerAdapter(config, userRepository, roleRepository, emailService, pac4jConfigurationProperties); + public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config, UserRepository userRepository, + RoleRepository roleRepository, Optional emailService, + Pac4jConfigurationProperties pac4jConfigurationProperties) { + return new Pac4jWebSecurityConfigurerAdapter(config, userRepository, roleRepository, emailService, + pac4jConfigurationProperties); } @Order(100) @@ -43,7 +46,8 @@ public static class Pac4jWebSecurityConfigurerAdapter extends WebSecurityConfigu private Optional emailService; private Pac4jConfigurationProperties pac4jConfigurationProperties; - public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, Optional emailService, Pac4jConfigurationProperties pac4jConfigurationProperties) { + public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, + Optional emailService, Pac4jConfigurationProperties pac4jConfigurationProperties) { this.config = config; this.userRepository = userRepository; this.roleRepository = roleRepository; 
@@ -54,12 +58,14 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository use @Override protected void configure(HttpSecurity http) throws Exception { final SecurityFilter securityFilterForHeader = new SecurityFilter(this.config, Pac4jConfiguration.PAC4J_CLIENT_NAME); - + securityFilterForHeader.setMatchers("exclude-paths-matcher"); + final CallbackFilter callbackFilter = new CallbackFilter(this.config); + http.antMatcher("/**").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class) - .addFilterBefore(securityFilterForHeader, BasicAuthenticationFilter.class) - .addFilterAfter(new AddNewUserFilter(pac4jConfigurationProperties, userRepository, roleRepository, emailService), SecurityFilter.class); - + .addFilterBefore(securityFilterForHeader, BasicAuthenticationFilter.class) + .addFilterAfter(new AddNewUserFilter(pac4jConfigurationProperties, userRepository, roleRepository, + emailService), SecurityFilter.class); http.authorizeRequests().anyRequest().fullyAuthenticated(); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS); http.csrf().disable();
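Review bot: The matcher name passed to `setMatchers` is a bare string literal that must stay identical to the one registered with `config.addMatcher("exclude-paths-matcher", pm)` in Pac4jConfiguration, while the client name on the line above already uses the `Pac4jConfiguration.PAC4J_CLIENT_NAME` constant. A shared constant (for example a new `Pac4jConfiguration.EXCLUDE_PATHS_MATCHER`; the name is only a suggestion) would keep the two from drifting apart. A one-line comment should also state whether naming a matcher here is meant to replace or extend pac4j's default matchers for the installed version, since Spring's CSRF protection is disabled a few lines below and any protections pac4j applies by default would then matter; I cannot tell from the hunk which applies. configure's closing brace is outside the hunk.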