TSK-113: SampleLoginModule now accepts all test users and generated group memberships.
parent
4256ddc005
commit
d116b138d1
|
@ -1,39 +0,0 @@
|
|||
package pro.taskana.rest.security;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
import pro.taskana.security.GroupPrincipal;
|
||||
import pro.taskana.security.UserPrincipal;
|
||||
|
||||
public class CustomAutenticationProvider implements AuthenticationProvider {
|
||||
|
||||
private AuthenticationProvider delegate;
|
||||
|
||||
public CustomAutenticationProvider(AuthenticationProvider delegate) {
|
||||
this.delegate = delegate;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Authentication authenticate(Authentication authentication) {
|
||||
JaasAuthenticationToken jaasAuthenticationToken = (JaasAuthenticationToken) delegate
|
||||
.authenticate(authentication);
|
||||
|
||||
if (jaasAuthenticationToken.isAuthenticated()) {
|
||||
String userName = jaasAuthenticationToken.getPrincipal().toString();
|
||||
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new UserPrincipal(userName));
|
||||
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group_1"));
|
||||
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group_2"));
|
||||
jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group_3"));
|
||||
return jaasAuthenticationToken;
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports(Class<?> authentication) {
|
||||
return delegate.supports(authentication);
|
||||
}
|
||||
}
|
|
@ -1,23 +0,0 @@
|
|||
package pro.taskana.rest.security;
|
||||
|
||||
import java.security.Principal;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.springframework.security.authentication.jaas.AuthorityGranter;
|
||||
|
||||
public class RoleGranterFromMap implements AuthorityGranter {
|
||||
|
||||
private static Map<String, String> USER_ROLES = new HashMap<String, String>();
|
||||
|
||||
static {
|
||||
USER_ROLES.put("test", "ROLE_ADMINISTRATOR");
|
||||
// USER_ROLES.put("test", "TRUE");
|
||||
}
|
||||
|
||||
public Set<String> grant(Principal principal) {
|
||||
return Collections.singleton("DUMMY");
|
||||
}
|
||||
}
|
|
@ -10,35 +10,73 @@ import javax.security.auth.callback.PasswordCallback;
|
|||
import javax.security.auth.login.LoginException;
|
||||
import javax.security.auth.spi.LoginModule;
|
||||
|
||||
import pro.taskana.security.GroupPrincipal;
|
||||
import pro.taskana.security.UserPrincipal;
|
||||
|
||||
public class SampleLoginModule implements LoginModule {
|
||||
|
||||
public boolean abort() throws LoginException {
|
||||
return true;
|
||||
}
|
||||
private NameCallback nameCallback;
|
||||
|
||||
public boolean commit() throws LoginException {
|
||||
return true;
|
||||
}
|
||||
private PasswordCallback passwordCallback;
|
||||
|
||||
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
|
||||
Map<String, ?> options) {
|
||||
private Subject subject;
|
||||
|
||||
try {
|
||||
NameCallback nameCallback = new NameCallback("prompt");
|
||||
PasswordCallback passwordCallback = new PasswordCallback("prompt", false);
|
||||
@Override
|
||||
public boolean abort() throws LoginException {
|
||||
return true;
|
||||
}
|
||||
|
||||
callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
@Override
|
||||
public boolean commit() throws LoginException {
|
||||
addUserPrincipalToSubject();
|
||||
addGroupSubjectsDerivedFromUsername();
|
||||
return true;
|
||||
}
|
||||
|
||||
public boolean login() throws LoginException {
|
||||
return true;
|
||||
}
|
||||
private void addGroupSubjectsDerivedFromUsername() {
|
||||
String username = nameCallback.getName();
|
||||
char role = username.charAt(1);
|
||||
switch (role) {
|
||||
case 'u':
|
||||
subject.getPrincipals()
|
||||
.add(new GroupPrincipal("user" + "_domain_" + username.charAt(0)));
|
||||
break;
|
||||
case 'm':
|
||||
subject.getPrincipals()
|
||||
.add(new GroupPrincipal("manager" + "_domain_" + username.charAt(0)));
|
||||
break;
|
||||
}
|
||||
subject.getPrincipals().add(new GroupPrincipal("team_" + username.substring(2, 6)));
|
||||
}
|
||||
|
||||
public boolean logout() throws LoginException {
|
||||
return true;
|
||||
}
|
||||
private void addUserPrincipalToSubject() {
|
||||
subject.getPrincipals().add(new UserPrincipal(nameCallback.getName()));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
|
||||
Map<String, ?> options) {
|
||||
|
||||
this.subject = subject;
|
||||
|
||||
try {
|
||||
nameCallback = new NameCallback("prompt");
|
||||
passwordCallback = new PasswordCallback("prompt", false);
|
||||
|
||||
callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean login() throws LoginException {
|
||||
return nameCallback.getName().equals(new String(passwordCallback.getPassword()));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean logout() throws LoginException {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
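Review bot: `login()` accepts any caller whose password equals the user name, and `commit()` then builds the group principals from characters of that same caller-supplied name, so group membership is chosen by whoever logs in rather than by the application. That is only acceptable for test data, so the class should carry a Javadoc stating that it is a sample module which must not be configured outside test or demo deployments. Separately, `charAt(1)` and `substring(2, 6)` in `addGroupSubjectsDerivedFromUsername()` throw `StringIndexOutOfBoundsException` for names shorter than six characters, and `new String(passwordCallback.getPassword())` throws `NullPointerException` when no password was supplied. Both cases should be rejected in `login()`, for example with `if (name == null || password == null || name.length() < 6) throw new FailedLoginException("unsupported test user");`. The password array is also never cleared; calling `passwordCallback.clearPassword()` after the comparison would cover that.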
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
package pro.taskana.rest.security;
|
||||
|
||||
import java.security.Principal;
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
|
||||
import org.springframework.security.authentication.jaas.AuthorityGranter;
|
||||
|
||||
public class SampleRoleGranter implements AuthorityGranter {
|
||||
|
||||
@Override
|
||||
public Set<String> grant(Principal principal) {
|
||||
return Collections.singleton(principal.getName());
|
||||
}
|
||||
}
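Review bot: `grant()` turns the name of every principal on the subject into an authority, and since `SampleLoginModule` also adds a `UserPrincipal`, the login name itself becomes a granted authority alongside the group names. If only group membership is meant to grant authorities, restrict the mapping, for example `return principal instanceof GroupPrincipal ? Collections.singleton(principal.getName()) : Collections.<String>emptySet();` with an import of `pro.taskana.security.GroupPrincipal`. A short class Javadoc saying that this granter is sample code paired with `SampleLoginModule` would also help the next reader.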
|
|
@ -5,13 +5,11 @@ import org.springframework.context.annotation.Bean;
|
|||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.jaas.AuthorityGranter;
|
||||
import org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler;
|
||||
import org.springframework.security.authentication.jaas.JaasAuthenticationProvider;
|
||||
import org.springframework.security.authentication.jaas.JaasNameCallbackHandler;
|
||||
import org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
|
@ -27,55 +25,53 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
|
|||
@EnableWebSecurity
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.inMemoryAuthentication().withUser("Max").password("test").roles("ADMIN");
|
||||
}
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.csrf()
|
||||
.disable()
|
||||
.authenticationProvider(jaasAuthProvider())
|
||||
.authorizeRequests()
|
||||
.antMatchers(HttpMethod.GET, "/**")
|
||||
.authenticated()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.and()
|
||||
.addFilter(new JaasApiIntegrationFilter());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable().authenticationProvider(customauthProvider()).authorizeRequests()
|
||||
.antMatchers(HttpMethod.GET, "/**").authenticated().and().httpBasic().and()
|
||||
.addFilter(new JaasApiIntegrationFilter());
|
||||
}
|
||||
@Bean
|
||||
public JaasAuthenticationProvider jaasAuthProvider() {
|
||||
JaasAuthenticationProvider authenticationProvider = new JaasAuthenticationProvider();
|
||||
authenticationProvider.setAuthorityGranters(new AuthorityGranter[] { new SampleRoleGranter() });
|
||||
authenticationProvider.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {
|
||||
new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler() });
|
||||
authenticationProvider.setLoginContextName("taskana");
|
||||
authenticationProvider.setLoginConfig(new ClassPathResource("pss_jaas.config"));
|
||||
return authenticationProvider;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthenticationProvider customauthProvider() {
|
||||
return new CustomAutenticationProvider(jaasAuthProvider());
|
||||
}
|
||||
@Bean
|
||||
public WebMvcConfigurer corsConfigurer() {
|
||||
return new WebMvcConfigurerAdapter() {
|
||||
|
||||
@Bean
|
||||
public JaasAuthenticationProvider jaasAuthProvider() {
|
||||
JaasAuthenticationProvider authenticationProvider = new JaasAuthenticationProvider();
|
||||
authenticationProvider.setAuthorityGranters(new AuthorityGranter[] { new RoleGranterFromMap() });
|
||||
authenticationProvider.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {
|
||||
new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler() });
|
||||
authenticationProvider.setLoginContextName("taskana");
|
||||
authenticationProvider.setLoginConfig(new ClassPathResource("pss_jaas.config"));
|
||||
return authenticationProvider;
|
||||
}
|
||||
@Override
|
||||
public void addCorsMappings(CorsRegistry registry) {
|
||||
registry.addMapping("/**").allowedOrigins("*");
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@Bean
|
||||
public WebMvcConfigurer corsConfigurer() {
|
||||
return new WebMvcConfigurerAdapter() {
|
||||
@Override
|
||||
public void addCorsMappings(CorsRegistry registry) {
|
||||
registry.addMapping("/**").allowedOrigins("*");
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@Bean
|
||||
public FilterRegistrationBean corsFilter() {
|
||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
config.setAllowCredentials(true);
|
||||
config.addAllowedOrigin("*");
|
||||
config.addAllowedHeader("*");
|
||||
config.addAllowedMethod("*");
|
||||
source.registerCorsConfiguration("/**", config);
|
||||
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
|
||||
bean.setOrder(0);
|
||||
return bean;
|
||||
}
|
||||
@Bean
|
||||
public FilterRegistrationBean corsFilter() {
|
||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
config.setAllowCredentials(true);
|
||||
config.addAllowedOrigin("*");
|
||||
config.addAllowedHeader("*");
|
||||
config.addAllowedMethod("*");
|
||||
source.registerCorsConfiguration("/**", config);
|
||||
FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
|
||||
bean.setOrder(0);
|
||||
return bean;
|
||||
}
|
||||
}
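Review bot: In the new `configure(HttpSecurity)` the only authorization rule is `.antMatchers(HttpMethod.GET, "/**").authenticated()`, so POST, PUT, DELETE and other methods match no rule and are not required to authenticate, while CSRF protection is disabled in the same chain. Unless another configuration outside this hunk covers those methods, replace the matcher with `.anyRequest().authenticated()`. The CORS beans in the same class still combine `allowedOrigins("*")` with `setAllowCredentials(true)`, which is worth narrowing to the known front-end origins before this leaves a demo setup.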
|
||||
|
|