Fix production version again (broken by getting development/local

working)

src/main/java/nl/tudelft/ewi/queue/SamlWebSecurityConfig.java

@@ -17,11 +17,14 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.core.io.ResourceLoader;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.saml.*;
 import org.springframework.security.saml.context.SAMLContextProviderImpl;
@@ -49,6 +52,8 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import java.util.*;
 
 @Profile("production")
+@Configuration
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
 public class SamlWebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
@@ -102,6 +107,35 @@ public class SamlWebSecurityConfig extends WebSecurityConfigurerAdapter {
         return http;
     }
     
+    /**
+     * Defines the web based security configuration.
+     *
+     * @param http It allows configuring web based security for specific http requests.
+     * @throws Exception
+     */
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http = samlizedConfig(http);
+
+        http.authorizeRequests()
+            .antMatchers("/").permitAll()
+            .antMatchers("/manifest.json").permitAll()
+            .antMatchers("/favicon.ico").permitAll()
+            .antMatchers("/sw.js").permitAll()
+            .antMatchers("/css/**").permitAll()
+            .antMatchers("/img/**").permitAll()
+            .antMatchers("/js/**").permitAll()
+            .antMatchers("/webjars/**").permitAll()
+            .antMatchers("/stomp/**").permitAll()
+            .antMatchers("/saml/**").permitAll()
+            .anyRequest()
+            .authenticated();
+
+        http
+            .logout()
+            .logoutSuccessUrl("/");
+    }
+
     @Bean
     public static SAMLBootstrap SAMLBootstrap() {
         return new SAMLBootstrap();

src/main/java/nl/tudelft/ewi/queue/controller/SSOController.java

@@ -51,5 +51,4 @@ public class SSOController {
     private boolean isForwarded(HttpServletRequest request) {
         return request.getAttribute("javax.servlet.forward.request_uri") != null;
     }
-
 }

src/main/resources/templates/layout.html

@@ -71,7 +71,7 @@
                             </a>
                             <ul class="dropdown-menu">
                                 <li><a href="#" th:href="${#mvc.url('PC#profile').build()}">Profile</a></li>
-                                <li><a href="#" onclick="$('#logout').submit();">Logout</a></li>
+                                <li><a href="#" th:href="@{/saml/logout}">Logout</a></li>
                             </ul>
                         </li>
                     </th:block>
@@ -80,8 +80,6 @@
                     </li>
                 </ul>
             </div>
-            <form th:action="${#mvc.url('AC#logout').build()}" method="POST" id="logout">
-            </form>
         </div>
     </nav>