TSK-113: SampleLoginModule now accepts all test users and generated group memberships.

2018-01-17 11:26:10 +01:00 · 2018-01-17 11:26:10 +01:00 · d7d6d3a166
parent 434035fe33
commit d7d6d3a166
5 changed files with 120 additions and 133 deletions
--- a/rest/src/main/java/pro/taskana/rest/security/CustomAutenticationProvider.java
+++ b/rest/src/main/java/pro/taskana/rest/security/CustomAutenticationProvider.java
@ -1,39 +0,0 @@
 package pro.taskana.rest.security;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import pro.taskana.security.GroupPrincipal;
 import pro.taskana.security.UserPrincipal;
 public class CustomAutenticationProvider implements AuthenticationProvider {
    private AuthenticationProvider delegate;
    public CustomAutenticationProvider(AuthenticationProvider delegate) {
        this.delegate = delegate;
    }
    @Override
    public Authentication authenticate(Authentication authentication) {
        JaasAuthenticationToken jaasAuthenticationToken = (JaasAuthenticationToken) delegate
            .authenticate(authentication);
        if (jaasAuthenticationToken.isAuthenticated()) {
            String userName = jaasAuthenticationToken.getPrincipal().toString();
            jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new UserPrincipal(userName));
            jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group_1"));
            jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group_2"));
            jaasAuthenticationToken.getLoginContext().getSubject().getPrincipals().add(new GroupPrincipal("group_3"));
            return jaasAuthenticationToken;
        } else {
            return null;
        }
    }
    @Override
    public boolean supports(Class<?> authentication) {
        return delegate.supports(authentication);
    }
 }
--- a/rest/src/main/java/pro/taskana/rest/security/RoleGranterFromMap.java
+++ b/rest/src/main/java/pro/taskana/rest/security/RoleGranterFromMap.java
@ -1,23 +0,0 @@
 package pro.taskana.rest.security;
 import java.security.Principal;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 import org.springframework.security.authentication.jaas.AuthorityGranter;
 public class RoleGranterFromMap implements AuthorityGranter {
 	private static Map<String, String> USER_ROLES = new HashMap<String, String>();
 	static {
 		USER_ROLES.put("test", "ROLE_ADMINISTRATOR");
 		// USER_ROLES.put("test", "TRUE");
 	}
 	public Set<String> grant(Principal principal) {
 		return Collections.singleton("DUMMY");
 	}
 }
--- a/rest/src/main/java/pro/taskana/rest/security/SampleLoginModule.java
+++ b/rest/src/main/java/pro/taskana/rest/security/SampleLoginModule.java
@ -10,35 +10,73 @@ import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import pro.taskana.security.GroupPrincipal;
 import pro.taskana.security.UserPrincipal;
 public class SampleLoginModule implements LoginModule {
-	public boolean abort() throws LoginException {
+    private NameCallback nameCallback;
 		return true;
 	}
-	public boolean commit() throws LoginException {
+    private PasswordCallback passwordCallback;
 		return true;
 	}
-	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+    private Subject subject;
 			Map<String, ?> options) {
-		try {
+    @Override
-			NameCallback nameCallback = new NameCallback("prompt");
+    public boolean abort() throws LoginException {
-			PasswordCallback passwordCallback = new PasswordCallback("prompt", false);
+        return true;
    }
-			callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });
+    @Override
-		} catch (Exception e) {
+    public boolean commit() throws LoginException {
-			throw new RuntimeException(e);
+        addUserPrincipalToSubject();
-		}
+        addGroupSubjectsDerivedFromUsername();
-	}
+        return true;
    }
-	public boolean login() throws LoginException {
+    private void addGroupSubjectsDerivedFromUsername() {
-		return true;
+        String username = nameCallback.getName();
-	}
+        char role = username.charAt(1);
        switch (role) {
            case 'u':
                subject.getPrincipals()
                    .add(new GroupPrincipal("user" + "_domain_" + username.charAt(0)));
                break;
            case 'm':
                subject.getPrincipals()
                    .add(new GroupPrincipal("manager" + "_domain_" + username.charAt(0)));
                break;
        }
        subject.getPrincipals().add(new GroupPrincipal("team_" + username.substring(2, 6)));
    }
-	public boolean logout() throws LoginException {
+    private void addUserPrincipalToSubject() {
-		return true;
+        subject.getPrincipals().add(new UserPrincipal(nameCallback.getName()));
-	}
+    }
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
        Map<String, ?> options) {
        this.subject = subject;
        try {
            nameCallback = new NameCallback("prompt");
            passwordCallback = new PasswordCallback("prompt", false);
            callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
    @Override
    public boolean login() throws LoginException {
        return nameCallback.getName().equals(new String(passwordCallback.getPassword()));
    }
    @Override
    public boolean logout() throws LoginException {
        return true;
    }
 }
--- a/rest/src/main/java/pro/taskana/rest/security/SampleRoleGranter.java
+++ b/rest/src/main/java/pro/taskana/rest/security/SampleRoleGranter.java
@ -0,0 +1,15 @@
 package pro.taskana.rest.security;
 import java.security.Principal;
 import java.util.Collections;
 import java.util.Set;
 import org.springframework.security.authentication.jaas.AuthorityGranter;
 public class SampleRoleGranter implements AuthorityGranter {
    @Override
    public Set<String> grant(Principal principal) {
        return Collections.singleton(principal.getName());
    }
 }
--- a/rest/src/main/java/pro/taskana/rest/security/WebSecurityConfig.java
+++ b/rest/src/main/java/pro/taskana/rest/security/WebSecurityConfig.java
@ -5,13 +5,11 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.jaas.AuthorityGranter;
 import org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler;
 import org.springframework.security.authentication.jaas.JaasAuthenticationProvider;
 import org.springframework.security.authentication.jaas.JaasNameCallbackHandler;
 import org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@ -27,55 +25,53 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
@EnableWebSecurity
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
-	@Override
+    @Override
-	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    protected void configure(HttpSecurity http) throws Exception {
-		auth.inMemoryAuthentication().withUser("Max").password("test").roles("ADMIN");
+        http.csrf()
-	}
+            .disable()
            .authenticationProvider(jaasAuthProvider())
            .authorizeRequests()
            .antMatchers(HttpMethod.GET, "/**")
            .authenticated()
            .and()
            .httpBasic()
            .and()
            .addFilter(new JaasApiIntegrationFilter());
    }
-	@Override
+    @Bean
-	protected void configure(HttpSecurity http) throws Exception {
+    public JaasAuthenticationProvider jaasAuthProvider() {
-		http.csrf().disable().authenticationProvider(customauthProvider()).authorizeRequests()
+        JaasAuthenticationProvider authenticationProvider = new JaasAuthenticationProvider();
-				.antMatchers(HttpMethod.GET, "/**").authenticated().and().httpBasic().and()
+        authenticationProvider.setAuthorityGranters(new AuthorityGranter[] { new SampleRoleGranter() });
-				.addFilter(new JaasApiIntegrationFilter());
+        authenticationProvider.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {
-	}
+            new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler() });
        authenticationProvider.setLoginContextName("taskana");
        authenticationProvider.setLoginConfig(new ClassPathResource("pss_jaas.config"));
        return authenticationProvider;
    }
-	@Bean
+    @Bean
-	public AuthenticationProvider customauthProvider() {
+    public WebMvcConfigurer corsConfigurer() {
-		return new CustomAutenticationProvider(jaasAuthProvider());
+        return new WebMvcConfigurerAdapter() {
 	}
-	@Bean
+            @Override
-	public JaasAuthenticationProvider jaasAuthProvider() {
+            public void addCorsMappings(CorsRegistry registry) {
-		JaasAuthenticationProvider authenticationProvider = new JaasAuthenticationProvider();
+                registry.addMapping("/**").allowedOrigins("*");
-		authenticationProvider.setAuthorityGranters(new AuthorityGranter[] { new RoleGranterFromMap() });
+            }
-		authenticationProvider.setCallbackHandlers(new JaasAuthenticationCallbackHandler[] {
+        };
-				new JaasNameCallbackHandler(), new JaasPasswordCallbackHandler() });
+    }
 		authenticationProvider.setLoginContextName("taskana");
 		authenticationProvider.setLoginConfig(new ClassPathResource("pss_jaas.config"));
 		return authenticationProvider;
 	}
-	@Bean
+    @Bean
-	public WebMvcConfigurer corsConfigurer() {
+    public FilterRegistrationBean corsFilter() {
-		return new WebMvcConfigurerAdapter() {
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-			@Override
+        CorsConfiguration config = new CorsConfiguration();
-			public void addCorsMappings(CorsRegistry registry) {
+        config.setAllowCredentials(true);
-				registry.addMapping("/**").allowedOrigins("*");
+        config.addAllowedOrigin("*");
-			}
+        config.addAllowedHeader("*");
-		};
+        config.addAllowedMethod("*");
-	}
+        source.registerCorsConfiguration("/**", config);
-	
+        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
-	@Bean
+        bean.setOrder(0);
-	public FilterRegistrationBean corsFilter() {
+        return bean;
-	    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    }
 	    CorsConfiguration config = new CorsConfiguration();
 	    config.setAllowCredentials(true);
 	    config.addAllowedOrigin("*");
 	    config.addAllowedHeader("*");
 	    config.addAllowedMethod("*");
 	    source.registerCorsConfiguration("/**", config);
 	    FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
 	    bean.setOrder(0);
 	    return bean;
 	}
 }