
Fix the development security profile filter chain


@@ -17,9 +17,13 @@
@@ -17,9 +17,13 @@
*/
*/
package nl.tudelft.labracore.security;
package nl.tudelft.labracore.security;
 
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Collectors;
 
import javax.servlet.http.HttpServletRequest;
 
import nl.tudelft.labracore.DevDatabaseLoader;
import nl.tudelft.labracore.DevDatabaseLoader;
 
import nl.tudelft.labracore.security.api.APIAuthenticationEntryPoint;
import nl.tudelft.labracore.security.api.APIUserDetailsWithPerson;
import nl.tudelft.labracore.security.api.APIUserDetailsWithPerson;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Autowired;
@@ -27,17 +31,26 @@ import org.springframework.context.annotation.Bean;
@@ -27,17 +31,26 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationManager;
 
import org.springframework.security.authentication.AuthenticationProvider;
 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
 
import org.springframework.security.web.DefaultSecurityFilterChain;
 
import org.springframework.security.web.FilterChainProxy;
 
import org.springframework.security.web.access.ExceptionTranslationFilter;
 
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
import org.springframework.security.web.savedrequest.NullRequestCache;
 
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@Profile("development")
@Configuration
@Configuration
@EnableWebSecurity
@EnableWebSecurity
 
@Profile("development")
public class DevelopmentSecurityConfig extends WebSecurityConfigurerAdapter {
public class DevelopmentSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Autowired
private DevDatabaseLoader db;
private DevDatabaseLoader db;
@@ -46,12 +59,18 @@ public class DevelopmentSecurityConfig extends WebSecurityConfigurerAdapter {
@@ -46,12 +59,18 @@ public class DevelopmentSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
protected void configure(HttpSecurity http) throws Exception {
//@formatter:off
//@formatter:off
http.authorizeRequests()
http.authorizeRequests()
.anyRequest().permitAll();
.anyRequest().authenticated()
 
.and().addFilterAfter(apiKeyFilterChainProxy(), BasicAuthenticationFilter.class);
http.csrf().disable();
http.csrf().disable();
//@formatter:on
//@formatter:on
}
}
 
@Override
 
protected void configure(AuthenticationManagerBuilder auth) {
 
auth.authenticationProvider(preAuthenticatedAuthenticationProvider());
 
}
 
@Bean
@Bean
@Override
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
public AuthenticationManager authenticationManagerBean() throws Exception {
@@ -59,7 +78,7 @@ public class DevelopmentSecurityConfig extends WebSecurityConfigurerAdapter {
@@ -59,7 +78,7 @@ public class DevelopmentSecurityConfig extends WebSecurityConfigurerAdapter {
}
}
@Bean
@Bean
PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider() {
AuthenticationProvider preAuthenticatedAuthenticationProvider() {
PreAuthenticatedAuthenticationProvider authProvider = new PreAuthenticatedAuthenticationProvider();
PreAuthenticatedAuthenticationProvider authProvider = new PreAuthenticatedAuthenticationProvider();
authProvider.setPreAuthenticatedUserDetailsService(devUserDetailsService());
authProvider.setPreAuthenticatedUserDetailsService(devUserDetailsService());
return authProvider;
return authProvider;
@@ -67,10 +86,40 @@ public class DevelopmentSecurityConfig extends WebSecurityConfigurerAdapter {
@@ -67,10 +86,40 @@ public class DevelopmentSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Bean
AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> devUserDetailsService() {
AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> devUserDetailsService() {
return token -> new APIUserDetailsWithPerson(db.getAllAccessKey(),
return token -> (APIUserDetailsWithPerson) token.getPrincipal();
db.getAllAccessKey().getPermissions().stream()
}
.map(p -> new SimpleGrantedAuthority(p.getName()))
.collect(Collectors.toSet()),
@Bean
db.getAdmin1());
FilterChainProxy apiKeyFilterChainProxy() throws Exception {
 
return new FilterChainProxy(List.of(
 
new DefaultSecurityFilterChain(new AntPathRequestMatcher("/api/**"), List.of(
 
exceptionTranslationFilter(),
 
processingFilter()))));
 
}
 
 
@Bean
 
ExceptionTranslationFilter exceptionTranslationFilter() {
 
return new ExceptionTranslationFilter(new APIAuthenticationEntryPoint(), new NullRequestCache());
 
}
 
 
@Bean
 
AbstractPreAuthenticatedProcessingFilter processingFilter() throws Exception {
 
var filter = new AbstractPreAuthenticatedProcessingFilter() {
 
@Override
 
protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
 
return new APIUserDetailsWithPerson(db.getAllAccessKey(),
 
db.getAllAccessKey().getPermissions().stream()
 
.map(p -> new SimpleGrantedAuthority(p.getName()))
 
.collect(Collectors.toSet()),
 
db.getAdmin1());
 
}
 
 
@Override
 
protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
 
return "N/A";
 
}
 
};
 
filter.setAuthenticationManager(authenticationManager());
 
return filter;
}
}
}
}
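Review bot: `getPreAuthenticatedPrincipal` in `processingFilter()` never reads the request, so every call matched by `/api/**` is authenticated with the all-access key and `db.getAdmin1()`; only `@Profile("development")` on the class keeps that out of a deployed instance, and nothing in the code says so. I would put a comment on the anonymous filter, `// Development only: authenticates every matched request as the all-access key; no credential is read from the request.` Separately, `processingFilter()`, `exceptionTranslationFilter()` and `apiKeyFilterChainProxy()` are all exposed as `@Bean`s that are servlet `Filter`s; if this application runs on Spring Boot, such beans are also registered with the servlet container for every path, which would apply the pre-authentication outside `/api/**` as well. That is worth confirming, and if it holds, either drop `@Bean` from the filter factory methods or register each with a `FilterRegistrationBean` whose `setEnabled(false)` is called. The cast in `devUserDetailsService()` is safe only while this filter is the sole producer of `PreAuthenticatedAuthenticationToken`s, which deserves a one-line comment there too.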