updated Spring Security to 5.7.1, Spring Boot to 2.7.0
albogdano committed May 27, 2022
1 parent fa677c6 commit 88e8856
Showing 16 changed files with 208 additions and 243 deletions.
10 changes: 5 additions & 5 deletions para-server/pom.xml
@@ -12,8 +12,8 @@
<name>para-server</name>

<properties>
<springSecVer>5.6.3</springSecVer>
<springLdapVer>2.3.6.RELEASE</springLdapVer>
<springSecVer>5.7.1</springSecVer>
<springLdapVer>2.4.0</springLdapVer>
</properties>

<dependencies>
@@ -23,7 +23,7 @@
<version>${project.version}</version>
</dependency>

<dependency>
<!-- <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>5.3.20</version>
@@ -42,7 +42,7 @@
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>5.3.20</version>
</dependency>
</dependency>-->

<!-- SPRING SECURITY -->
<dependency>
@@ -130,7 +130,7 @@
<dependency>
<groupId>com.unboundid</groupId>
<artifactId>unboundid-ldapsdk</artifactId>
<version>6.0.4</version>
<version>6.0.5</version>
</dependency>

<!-- SAML -->
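Review bot: The explicit Spring Framework pins (`spring-beans` through `spring-tx`, all at 5.3.20) are wrapped in an XML comment (`<!-- <dependency>` … `</dependency>-->`) instead of being deleted, and nothing on the page shows which Spring Framework version now resolves transitively through Spring Security 5.7.1. A commented-out dependency block is easily mistaken for an active pin during a dependency audit; I would delete it outright and, if a version floor is still wanted, state it once in `<dependencyManagement>`. Before merging, compare `mvn dependency:tree -Dincludes=org.springframework` against the previous build to confirm no Spring artifact resolves lower than the version that was pinned. The lines between the two hunks are collapsed, so the exact set of commented-out artifacts is not visible here.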
@@ -34,6 +34,7 @@
import com.erudika.para.server.security.filters.MicrosoftAuthFilter;
import com.erudika.para.server.security.filters.PasswordAuthFilter;
import com.erudika.para.server.security.filters.PasswordlessAuthFilter;
import com.erudika.para.server.security.filters.SAMLAuthFilter;
import com.erudika.para.server.security.filters.SlackAuthFilter;
import com.erudika.para.server.security.filters.TwitterAuthFilter;
import com.nimbusds.jwt.SignedJWT;
@@ -52,6 +53,8 @@
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
@@ -68,6 +71,8 @@
*/
public class JWTRestfulAuthFilter extends GenericFilterBean {

private static final Logger logger = LoggerFactory.getLogger(JWTRestfulAuthFilter.class);

private AuthenticationManager authenticationManager;
private AntPathRequestMatcher authenticationRequestMatcher;

@@ -83,6 +88,7 @@ public class JWTRestfulAuthFilter extends GenericFilterBean {
private LdapAuthFilter ldapAuth;
private PasswordAuthFilter passwordAuth;
private PasswordlessAuthFilter passwordlessAuth;
private SAMLAuthFilter samlAuth;

/**
* The default filter mapping.
@@ -91,10 +97,11 @@ public class JWTRestfulAuthFilter extends GenericFilterBean {

/**
* Default constructor.
* @param defaultFilterProcessesUrl filter URL
* @param authenticationManager auth manager
*/
public JWTRestfulAuthFilter(String defaultFilterProcessesUrl) {
setFilterProcessesUrl(defaultFilterProcessesUrl);
public JWTRestfulAuthFilter(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
setFilterProcessesUrl("/" + JWT_ACTION);
}

@Override
@@ -201,7 +208,7 @@ private boolean refreshTokenHandler(HttpServletRequest request, HttpServletRespo
}
}
} catch (Exception ex) {
logger.debug(ex);
logger.debug(null, ex);
}
}
response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\"");
@@ -226,7 +233,7 @@ private boolean revokeAllTokensHandler(HttpServletRequest request, HttpServletRe
}
}
} catch (Exception ex) {
logger.debug(ex);
logger.debug(null, ex);
}
}
response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer");
@@ -485,6 +492,7 @@ public LdapAuthFilter getLdapAuth() {
/**
* @param ldapAuth auth filter
*/
@Inject
public void setLdapAuth(LdapAuthFilter ldapAuth) {
this.ldapAuth = ldapAuth;
}
@@ -519,6 +527,21 @@ public void setPasswordlessAuth(PasswordlessAuthFilter passwordlessAuth) {
this.passwordlessAuth = passwordlessAuth;
}

/**
* @return auth filter
*/
public SAMLAuthFilter getSamlAuth() {
return samlAuth;
}

/**
* @param samlAuth auth filter
*/
@Inject
public void setSamlAuth(SAMLAuthFilter samlAuth) {
this.samlAuth = samlAuth;
}

private void validateDelegatedTokenIfNecessary(JWTAuthentication jwt) throws AuthenticationException, IOException {
User user = SecurityUtils.getAuthenticatedUser(jwt);
if (user != null && jwt != null) {
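Review bot: In the catch blocks of `refreshTokenHandler` and `revokeAllTokensHandler`, `logger.debug(null, ex);` passes a null message and keeps token refresh and revocation failures at debug level, so under a typical production log configuration a run of rejected tokens leaves nothing for detection to work with. I would give each call a message naming the operation, e.g. `logger.debug("JWT refresh failed.", ex);` and `logger.debug("JWT revocation failed.", ex);`, and consider a higher level for the rejection path, keeping token contents and app secrets out of the message. Separately, the new `private static final Logger logger` hides the `logger` field that `GenericFilterBean` already provides (the removed `logger.debug(ex)` calls were presumably using it); naming the SLF4J field differently, e.g. `LOG`, avoids the shadowing. Both handlers and the class body extend beyond the visible hunks.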
@@ -0,0 +1,88 @@
/*
* Copyright 2013-2022 Erudika. http://erudika.com
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* For issues and patches go to: https://github.com/erudika
*/
package com.erudika.para.server.security;

import com.erudika.para.server.ParaServer;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/**
*
* @author Alex Bogdanovski [alex@erudika.com]
*/
public class JwtConfigurer extends AbstractHttpConfigurer<JwtConfigurer, HttpSecurity> {

@Override
public void configure(HttpSecurity builder) throws Exception {
AuthenticationManager authenticationManager = builder.getSharedObject(AuthenticationManager.class);
JWTRestfulAuthFilter jwtAuthFilter = new JWTRestfulAuthFilter(authenticationManager);
RestAuthFilter restAuthFilter = new RestAuthFilter();
ParaServer.injectInto(jwtAuthFilter);

jwtAuthFilter.getPasswordAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getPasswordAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getPasswordlessAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getPasswordlessAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getFacebookAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getFacebookAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getGoogleAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getGoogleAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getLinkedinAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getLinkedinAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getTwitterAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getTwitterAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getGithubAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getGithubAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getMicrosoftAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getMicrosoftAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getSlackAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getSlackAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getAmazonAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getAmazonAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getGenericOAuth2Auth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getGenericOAuth2Auth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getLdapAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getLdapAuth(), BasicAuthenticationFilter.class);

jwtAuthFilter.getSamlAuth().setAuthenticationManager(authenticationManager);
builder.addFilterAfter(jwtAuthFilter.getSamlAuth(), BasicAuthenticationFilter.class);

builder.addFilterBefore(jwtAuthFilter, RememberMeAuthenticationFilter.class);

builder.addFilterBefore(restAuthFilter, RememberMeAuthenticationFilter.class);
}

public static JwtConfigurer customDsl() {
return new JwtConfigurer();
}

}
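Review bot: `configure` takes `builder.getSharedObject(AuthenticationManager.class)` and hands it to `JWTRestfulAuthFilter` and thirteen delegate filters without checking it for null, so a missing shared object would presumably surface as a failure on the first authentication request rather than at startup. A fail-fast guard right after the lookup, `Objects.requireNonNull(authenticationManager, "AuthenticationManager shared object is not available");`, keeps a misconfigured filter chain from starting at all. The thirteen `setAuthenticationManager`/`addFilterAfter` pairs differ only in the getter and could be one loop over a list of the filters, which makes it harder to register a later filter without its manager. The class Javadoc is empty and `customDsl()` has none; one sentence each, saying that this configurer registers the JWT, REST and per-provider authentication filters relative to `BasicAuthenticationFilter` and `RememberMeAuthenticationFilter`, would cover it.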
