From b0fc76b51da00500b256e72cdabe41c44f544d8a Mon Sep 17 00:00:00 2001
From: Hiroyuki Wada
Date: Tue, 4 Sep 2018 21:41:07 +0900
Subject: [PATCH] Improve sso profile

---
 .../midpoint/web/boot/WebSecurityConfig.java | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
 mode change 100644 => 100755 gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java

diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java
old mode 100644
new mode 100755
index 250c685c00f..fa207c7d5e6
--- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java
+++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/WebSecurityConfig.java
@@ -27,7 +27,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.core.annotation.Order;
-import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -35,6 +34,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
 import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
 
 /**
@@ -56,6 +56,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 private boolean csrfEnabled;
 @Value("${auth.logout.url:/}")
 private String authLogoutUrl;
+ @Value("${auth.sso.header:SM_USER}")
+ private String principalRequestHeader;
 
 @Bean
 public WicketLoginUrlAuthenticationEntryPoint wicketAuthenticationEntryPoint() {
@@ -71,10 +73,12 @@ public MidPointGuiAuthorizationEvaluator accessDecisionManager(SecurityEnforcer
 
 @Profile("sso")
 @Bean
- public RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter(AuthenticationManager authenticationManager) {
+ public RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter() throws Exception {
 RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
- filter.setPrincipalRequestHeader("SM_USER");
- filter.setAuthenticationManager(authenticationManager);
+ filter.setPrincipalRequestHeader(principalRequestHeader);
+ filter.setAuthenticationManager(authenticationManager());
+
+ getHttp().addFilterBefore(filter, LogoutFilter.class);
 return filter;
 }
 
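Review bot: The new `auth.sso.header` property names the request header whose value is accepted as the authenticated principal, and nothing on the `principalRequestHeader` field says who is allowed to set that header. RequestHeaderAuthenticationFilter takes the value as supplied, so the setting is only safe when every request passes through a proxy that discards any client-supplied copy before adding its own; whether this deployment guarantees that is not visible here. I would record the assumption on the field, e.g. `// Header written by the trusted SSO proxy; the proxy must strip any client-supplied copy and midPoint must not be reachable around it.` The field belongs to the WebSecurityConfig class, which starts and ends outside this hunk.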
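Review bot: `getHttp().addFilterBefore(filter, LogoutFilter.class)` makes filter-chain registration a side effect of the `@Bean` factory method in `requestHeaderAuthenticationFilter()`, so the pre-authentication filter joins the chain only if this method has run against the adapter's HttpSecurity. The reason for placing it here rather than in `configure(HttpSecurity)` is not stated; presumably it is so the filter is added only under the `sso` profile, and a comment should say so, e.g. `// Registered here, not in configure(HttpSecurity), so the filter is added only when the sso profile is active.` Because the filter is also exposed as a bean, it is worth confirming that Spring Boot does not additionally register it as a plain servlet filter outside the security chain; that cannot be determined from this hunk. The new `throws Exception` comes from `authenticationManager()` and `getHttp()` and deserves a `@throws` line in the method's Javadoc.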