From 5a032d3122edeb7d4433134b3874b5fbc32d0ced Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 20 Aug 2021 11:38:25 -0700 Subject: [PATCH] SHIBUI-2030 fix login issue --- .../admin/ui/configuration/auto/WebSecurityConfig.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java index 3d66de957..7e19425e7 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java @@ -9,7 +9,6 @@ import edu.internet2.tier.shibboleth.admin.ui.security.springsecurity.AdminUserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.autoconfigure.AutoConfigureBefore; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -38,6 +37,9 @@ @ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class) public class WebSecurityConfig { + @Value("${shibui.roles.authenticated}") + private String[] acceptedAuthenticationRoles; + @Value("${shibui.logout-url:/dashboard}") private String logoutUrl; @@ -76,7 +78,7 @@ protected void configure(HttpSecurity http) throws Exception { .and() .authorizeRequests() .antMatchers("/unsecured/**/*").permitAll() - .anyRequest().hasAnyRole("USER", "ADMIN") + .anyRequest().hasAnyRole(acceptedAuthenticationRoles) .and() .exceptionHandling().accessDeniedHandler((request, response, accessDeniedException) -> response.sendRedirect("/unsecured/error.html")) .and() @@ -157,5 +159,4 @@ public void configure(WebSecurity web) throws Exception { } }; } -} - +} \ No newline at end of file