Commit 9da15b84 authored by Andreas Gärtner's avatar Andreas Gärtner

Added further http security configuration for ilias connector.

parent 76eaca38
......@@ -4,6 +4,8 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.authentication.AuthenticationManager;
......@@ -13,12 +15,17 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import de.thm.arsnova.connector.auth.AuthenticationFilter;
import de.thm.arsnova.connector.auth.AuthenticationHandler;
import de.thm.arsnova.connector.auth.AuthenticationTokenService;
import de.thm.arsnova.connector.core.RepoPermissionEvaluator;
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@PropertySource("file:///etc/arsnova/connector.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${admin.username}") private String username;
@Value("${admin.password}") private String password;
......@@ -27,12 +34,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${ldap.serverUrl}") private String ldapServerUrl;
@Value("${ldap.userSearchBase}") private String ldapUserSearchBase;
@Value("${ldap.userSearchFilter}") private String ldapUserSearchFilter;
@Autowired
private Environment env;
@Autowired
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser(username)
.password(password).authorities("ADMIN");
auth.ldapAuthentication().contextSource(ldapContextSource())
.userSearchBase(ldapUserSearchBase)
.userSearchFilter(ldapUserSearchFilter);
......@@ -43,7 +53,25 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public AuthenticationHandler authHandler() {
return new AuthenticationHandler();
}
@Bean
public AuthenticationTokenService authTokenService() {
return new AuthenticationTokenService();
}
@Bean
public AuthenticationFilter authFilter() {
AuthenticationFilter authFilter = new AuthenticationFilter("/**");
authFilter.setAuthenticationFailureHandler(authHandler().authFailureHandler());
authFilter.setAuthenticationSuccessHandler(authHandler().tokenAuthSuccessHandler());
return authFilter;
}
@Bean
public PermissionEvaluator permissionEvaluator() {
return new RepoPermissionEvaluator();
......@@ -57,6 +85,24 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.csrf().disable();
http.httpBasic();
if("enable".equals(env.getProperty("service.startIliasConnector"))) {
http.authorizeRequests().antMatchers("/ilias/check").permitAll().and()
.authorizeRequests().antMatchers("/ilias/login").permitAll().and()
.authorizeRequests().anyRequest().authenticated().and()
.formLogin().loginPage("/ilias/login").usernameParameter("uname")
.passwordParameter("upass").successHandler(authHandler().authSuccessHandler())
.failureHandler(authHandler().authFailureHandler()).and()
.addFilterBefore(authFilter(),
UsernamePasswordAuthenticationFilter.class)
.exceptionHandling().defaultAuthenticationEntryPointFor(
authHandler().tokenAuthenticationEntryPoint(),
authHandler().ajaxRequestMatcher());
} else {
http.httpBasic();
}
}
}
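Review bot: The form login added in the `service.startIliasConnector` branch of `configure()` sets up a session-backed login while `http.csrf().disable()` at the top of the method still applies to the whole chain, so requests made with that session get no CSRF token check. If CSRF has to stay off for the token and basic-auth clients, record that above the line, e.g. `// CSRF off: API clients authenticate per request (token/basic); revisit for the /ilias/login session`, or move the disable into the `else` branch. The page has lost its +/- markers, so it is unclear whether the `http.httpBasic();` just before the `if` is a removed line; if it is still present, the `else` branch repeats it and basic auth is also active in the Ilias branch. `authFilter()` is registered for `/**` ahead of `UsernamePasswordAuthenticationFilter` and its implementation is not visible here, so confirm that it passes requests without a token through; otherwise `/ilias/check` and `/ilias/login` are not effectively `permitAll()`.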