Commit aeeff5e1 authored by Daniel Gerhardt's avatar Daniel Gerhardt
Browse files

Merge branch '2.x'

parents a3224b8b 150cab8c
......@@ -34,6 +34,7 @@ import org.scribe.up.provider.impl.Google2Provider.Google2Scope;
import org.scribe.up.provider.impl.TwitterProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
......@@ -73,8 +74,8 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.header.writers.HstsHeaderWriter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.context.ServletContextAware;
import javax.annotation.PostConstruct;
import javax.servlet.ServletContext;
import java.util.ArrayList;
import java.util.List;
......@@ -86,12 +87,14 @@ import java.util.List;
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@Profile("!test")
public class SecurityConfig extends WebSecurityConfigurerAdapter implements ServletContextAware {
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
@Autowired
private ServletContext servletContext;
@Value("${root-url}") private String rootUrl;
@Value("${api.path:}") private String apiPath;
@Value("${security.user-db.enabled}") private boolean dbAuthEnabled;
......@@ -119,6 +122,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements Serv
@Value("${security.google.key}") private String googleKey;
@Value("${security.google.secret}") private String googleSecret;
@PostConstruct
private void init() {
if ("".equals(apiPath)) {
apiPath = servletContext.getContextPath();
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint());
......@@ -465,9 +475,4 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements Serv
return authProvider;
}
@Override
public void setServletContext(ServletContext servletContext) {
this.servletContext = servletContext;
}
}
......@@ -53,6 +53,8 @@ import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.view.RedirectView;
import javax.annotation.PostConstruct;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
......@@ -117,6 +119,9 @@ public class LoginController extends AbstractController {
@Value("${security.twitter.allowed-roles:speaker,student}") private String[] twitterRoles;
@Value("${security.twitter.order}") private int twitterOrder;
@Autowired
private ServletContext servletContext;
@Autowired(required = false)
private DaoAuthenticationProvider daoProvider;
......@@ -143,6 +148,13 @@ public class LoginController extends AbstractController {
private static final Logger logger = LoggerFactory.getLogger(LoginController.class);
@PostConstruct
private void init() {
if ("".equals(apiPath)) {
apiPath = servletContext.getContextPath();
}
}
@RequestMapping(value = { "/auth/login", "/doLogin" }, method = { RequestMethod.POST, RequestMethod.GET })
public void doLogin(
@RequestParam("type") final String type,
......@@ -302,9 +314,6 @@ public class LoginController extends AbstractController {
request.getSession().invalidate();
SecurityContextHolder.clearContext();
if (auth instanceof CasAuthenticationToken) {
if ("".equals(apiPath)) {
apiPath = request.getContextPath();
}
return new RedirectView(apiPath + "/j_spring_cas_security_logout");
}
return new RedirectView(request.getHeader("referer") != null ? request.getHeader("referer") : "/");
......@@ -315,9 +324,6 @@ public class LoginController extends AbstractController {
public List<ServiceDescription> getServices(final HttpServletRequest request) {
List<ServiceDescription> services = new ArrayList<>();
if ("".equals(apiPath)) {
apiPath = request.getContextPath();
}
/* The first parameter is replaced by the backend, the second one by the frondend */
String dialogUrl = apiPath + "/auth/dialog?type={0}&successurl='{0}'";
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment