Added further http security configuration for ilias connector.

9da15b84 · Andreas Gärtner · 76eaca38 · 9da15b84
Commit 9da15b84 authored Aug 01, 2014 by Andreas Gärtner
Hide whitespace changes
Inline Side-by-side

Showing with 50 additions and 4 deletions

connector-service/src/main/java/de/thm/arsnova/connector/config/SecurityConfig.java .../java/de/thm/arsnova/connector/config/SecurityConfig.java +50 -4

No files found.
--- a/connector-service/src/main/java/de/thm/arsnova/connector/config/SecurityConfig.java
+++ b/connector-service/src/main/java/de/thm/arsnova/connector/config/SecurityConfig.java
@@ -4,6 +4,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.core.env.Environment;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -13,12 +15,17 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

+import de.thm.arsnova.connector.auth.AuthenticationFilter;
+import de.thm.arsnova.connector.auth.AuthenticationHandler;
+import de.thm.arsnova.connector.auth.AuthenticationTokenService;
 import de.thm.arsnova.connector.core.RepoPermissionEvaluator;

 @Configuration
 @EnableWebMvcSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
+@PropertySource("file:///etc/arsnova/connector.properties")
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Value("${admin.username}") private String username;
 	@Value("${admin.password}") private String password;
@@ -27,12 +34,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Value("${ldap.serverUrl}") private String ldapServerUrl;
 	@Value("${ldap.userSearchBase}") private String ldapUserSearchBase;
 	@Value("${ldap.userSearchFilter}") private String ldapUserSearchFilter;
-
+	
+	@Autowired
+	private Environment env;
+		
 	@Autowired
 	public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
 		auth.inMemoryAuthentication().withUser(username)
 		.password(password).authorities("ADMIN");
-
+	
 		auth.ldapAuthentication().contextSource(ldapContextSource())
 		.userSearchBase(ldapUserSearchBase)
 		.userSearchFilter(ldapUserSearchFilter);
@@ -43,7 +53,25 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	public AuthenticationManager authenticationManagerBean() throws Exception {
 		return super.authenticationManagerBean();
 	}
-
+	
+	@Bean
+	public AuthenticationHandler authHandler() {
+		return new AuthenticationHandler();
+	}
+	
+	@Bean
+	public AuthenticationTokenService authTokenService() {
+		return new AuthenticationTokenService();
+	}
+		
+	@Bean
+	public AuthenticationFilter authFilter() {
+		AuthenticationFilter authFilter = new AuthenticationFilter("/**");
+		authFilter.setAuthenticationFailureHandler(authHandler().authFailureHandler());
+		authFilter.setAuthenticationSuccessHandler(authHandler().tokenAuthSuccessHandler());
+		return authFilter;
+	}
+	
 	@Bean
 	public PermissionEvaluator permissionEvaluator() {
 		return new RepoPermissionEvaluator();
@@ -57,6 +85,24 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(final HttpSecurity http) throws Exception {
 		http.csrf().disable();
-		http.httpBasic();
+				
+		if("enable".equals(env.getProperty("service.startIliasConnector"))) {
+			http.authorizeRequests().antMatchers("/ilias/check").permitAll().and()
+				.authorizeRequests().antMatchers("/ilias/login").permitAll().and()
+				.authorizeRequests().anyRequest().authenticated().and()
+			
+				.formLogin().loginPage("/ilias/login").usernameParameter("uname")
+				.passwordParameter("upass").successHandler(authHandler().authSuccessHandler())
+				.failureHandler(authHandler().authFailureHandler()).and()
+				
+				.addFilterBefore(authFilter(),
+						UsernamePasswordAuthenticationFilter.class)
+
+				.exceptionHandling().defaultAuthenticationEntryPointFor(
+						authHandler().tokenAuthenticationEntryPoint(),
+						authHandler().ajaxRequestMatcher());
+		} else {
+			http.httpBasic();
+		}
 	}
 }