Merge branch 'context-path-handling' into '2.x'

Improve handling of context path prefix

See merge request !61

src/main/java/de/thm/arsnova/config/SecurityConfig.java

@@ -34,6 +34,7 @@ import org.scribe.up.provider.impl.Google2Provider.Google2Scope;
 import org.scribe.up.provider.impl.TwitterProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -73,8 +74,8 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.security.web.header.writers.HstsHeaderWriter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import org.springframework.web.context.ServletContextAware;
 
+import javax.annotation.PostConstruct;
 import javax.servlet.ServletContext;
 import java.util.ArrayList;
 import java.util.List;
@@ -86,12 +87,14 @@ import java.util.List;
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 @EnableWebSecurity
 @Profile("!test")
-public class SecurityConfig extends WebSecurityConfigurerAdapter implements ServletContextAware {
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
 
+	@Autowired
 	private ServletContext servletContext;
 
 	@Value("${root-url}") private String rootUrl;
+	@Value("${api.path:}") private String apiPath;
 
 	@Value("${security.user-db.enabled}") private boolean dbAuthEnabled;
 
@@ -119,6 +122,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements Serv
 	@Value("${security.google.key}") private String googleKey;
 	@Value("${security.google.secret}") private String googleSecret;
 
+	@PostConstruct
+	private void init() {
+		if ("".equals(apiPath)) {
+			apiPath = servletContext.getContextPath();
+		}
+	}
+
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint());
@@ -465,9 +475,4 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements Serv
 
 		return authProvider;
 	}
-
-	@Override
-	public void setServletContext(ServletContext servletContext) {
-		this.servletContext = servletContext;
-	}
 }

src/main/java/de/thm/arsnova/controller/LoginController.java

@@ -53,6 +53,8 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.View;
 import org.springframework.web.servlet.view.RedirectView;
 
+import javax.annotation.PostConstruct;
+import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -117,6 +119,9 @@ public class LoginController extends AbstractController {
 	@Value("${security.twitter.allowed-roles:speaker,student}") private String[] twitterRoles;
 	@Value("${security.twitter.order}") private int twitterOrder;
 
+	@Autowired
+	private ServletContext servletContext;
+
 	@Autowired(required = false)
 	private DaoAuthenticationProvider daoProvider;
 
@@ -143,6 +148,13 @@ public class LoginController extends AbstractController {
 
 	private static final Logger logger = LoggerFactory.getLogger(LoginController.class);
 
+	@PostConstruct
+	private void init() {
+		if ("".equals(apiPath)) {
+			apiPath = servletContext.getContextPath();
+		}
+	}
+
 	@RequestMapping(value = { "/auth/login", "/doLogin" }, method = { RequestMethod.POST, RequestMethod.GET })
 	public void doLogin(
 			@RequestParam("type") final String type,
@@ -302,9 +314,6 @@ public class LoginController extends AbstractController {
 		request.getSession().invalidate();
 		SecurityContextHolder.clearContext();
 		if (auth instanceof CasAuthenticationToken) {
-			if ("".equals(apiPath)) {
-				apiPath = request.getContextPath();
-			}
 			return new RedirectView(apiPath + "/j_spring_cas_security_logout");
 		}
 		return new RedirectView(request.getHeader("referer") != null ? request.getHeader("referer") : "/");
@@ -315,9 +324,6 @@ public class LoginController extends AbstractController {
 	public List<ServiceDescription> getServices(final HttpServletRequest request) {
 		List<ServiceDescription> services = new ArrayList<>();
 
-		if ("".equals(apiPath)) {
-			apiPath = request.getContextPath();
-		}
 		/* The first parameter is replaced by the backend, the second one by the frondend */
 		String dialogUrl = apiPath + "/auth/dialog?type={0}&successurl='{0}'";