From e9b7f80be2c7a110a918155f23a47c493f0c52ab Mon Sep 17 00:00:00 2001
From: Bill Smith
Date: Mon, 28 Jan 2019 16:48:57 -0700
Subject: [PATCH] [SHIBUI-1058] Removed test user from DevConfig. Removed completed todo. =] Added configuration class that enables method-level security.
---
 .../admin/ui/configuration/DevConfig.groovy | 8 --------
 .../EndpointSecurityConfiguration.java | 16 ++++++++++++++++
 .../unicon/shibui/pac4j/Pac4jConfiguration.java | 1 -
 3 files changed, 16 insertions(+), 9 deletions(-)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/EndpointSecurityConfiguration.java
diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy
index 40d46abca..a137526a4 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/DevConfig.groovy
@@ -79,14 +79,6 @@ class DevConfig {
 emailAddress = 'anon@institution.edu'
 roles.add(roleRepository.findByName('ROLE_ADMIN').get())
 it
- }, new User().with { // allow some shady fella
- username = 'scalding@scaldingspoon.com'
- password = '{noop}anonymous'
- firstName = 'Jj!'
- lastName = 'Jj!'
- emailAddress = 'scalding@scaldingspoon.com'
- roles.add(roleRepository.findByName('ROLE_ADMIN').get())
- it
 }]
 users.each {
 adminUserRepository.save(it)
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/EndpointSecurityConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/EndpointSecurityConfiguration.java
new file mode 100644
index 000000000..81187a17f
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/EndpointSecurityConfiguration.java
@@ -0,0 +1,16 @@
+package edu.internet2.tier.shibboleth.admin.ui.configuration;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+
+/**
+ * @author Bill Smith (wsmith@unicon.net)
+ */
+@Configuration
+@EnableGlobalMethodSecurity(
+ prePostEnabled = true,
+ securedEnabled = true,
+ jsr250Enabled = true)
+public class EndpointSecurityConfiguration extends GlobalMethodSecurityConfiguration {
+}
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
index 8a1a54757..884873881 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
@@ -36,7 +36,6 @@ public Config config(final Pac4jConfigurationProperties pac4jConfigurationProper
 saml2Client.setName("Saml2Client");
 saml2Client.addAuthorizationGenerator(saml2ModelAuthorizationGenerator);
- //TODO: pray
 SAML2Authenticator saml2Authenticator = new SAML2Authenticator(saml2ClientConfiguration.getAttributeAsId(), saml2ClientConfiguration.getMappedAttributes());
 saml2Authenticator.setProfileDefinition(new CommonProfileDefinition<>(p -> new BetterSAML2Profile(pac4jConfigurationProperties.getSaml2ProfileMapping().getUsername())));
 saml2Client.setAuthenticator(saml2Authenticator);
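Review bot: Enabling all three annotation families (`prePostEnabled`, `securedEnabled`, `jsr250Enabled`) in the new `EndpointSecurityConfiguration` enforces nothing by itself, and no method in this patch carries `@PreAuthorize`, `@Secured` or `@RolesAllowed`, so unless annotations exist elsewhere the endpoints remain guarded only by whatever URL-level rules are already in place. The families also spell role names differently (`@Secured("ROLE_ADMIN")` versus `hasRole('ADMIN')`), which makes a mixed code base easy to get wrong; I would enable only the style the project intends to use, e.g. `@EnableGlobalMethodSecurity(prePostEnabled = true)`. The class Javadoc holds only an `@author` tag; add a summary such as `Enables annotation-driven method security; a method is checked only once it carries a security annotation.` The empty subclass of `GlobalMethodSecurityConfiguration` is needed only when one of its hooks is overridden, so a plain `@Configuration` class would be enough here.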