Merge remote-tracking branch 'origin/master'

gui/admin-gui/pom.xml

@@ -81,10 +81,6 @@
             <artifactId>spring-boot-starter-security</artifactId>
             <scope>runtime</scope>
         </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-transports-http</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-core</artifactId>

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/boot/AbstractSpringBootApplication.java

@@ -8,7 +8,6 @@
 
 import javax.servlet.DispatcherType;
 
-import org.apache.cxf.transport.servlet.CXFServlet;
 import org.apache.wicket.Application;
 import org.apache.wicket.protocol.http.WicketFilter;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -21,11 +20,7 @@
 import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.management.HeapDumpWebEndpointAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.management.ThreadDumpEndpointAutoConfiguration;
-import org.springframework.boot.actuate.autoconfigure.metrics.CompositeMeterRegistryAutoConfiguration;
-import org.springframework.boot.actuate.autoconfigure.metrics.JvmMetricsAutoConfiguration;
-import org.springframework.boot.actuate.autoconfigure.metrics.MetricsAutoConfiguration;
-import org.springframework.boot.actuate.autoconfigure.metrics.MetricsEndpointAutoConfiguration;
-import org.springframework.boot.actuate.autoconfigure.metrics.SystemMetricsAutoConfiguration;
+import org.springframework.boot.actuate.autoconfigure.metrics.*;
 import org.springframework.boot.actuate.autoconfigure.metrics.export.simple.SimpleMetricsExportAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.metrics.web.servlet.WebMvcMetricsAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.metrics.web.tomcat.TomcatMetricsAutoConfiguration;
@@ -41,25 +36,20 @@
 import org.springframework.boot.web.server.ErrorPageRegistrar;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
-import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.core.session.SessionRegistryImpl;
 import org.springframework.web.context.request.RequestContextListener;
 import org.springframework.web.filter.DelegatingFilterProxy;
+import ro.isdc.wro.http.WroFilter;
 
 import com.evolveum.midpoint.init.StartupConfiguration;
 import com.evolveum.midpoint.model.api.authentication.NodeAuthenticationEvaluator;
-import com.evolveum.midpoint.util.logging.Trace;
-import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.web.util.MidPointProfilingServletFilter;
 
-import ro.isdc.wro.http.WroFilter;
-
 /**
  * @author katka
- *
  */
 @ImportAutoConfiguration(classes = {
         EmbeddedTomcatAutoConfiguration.class,
@@ -91,12 +81,9 @@
 })
 public abstract class AbstractSpringBootApplication extends SpringBootServletInitializer {
 
-    private static final Trace LOGGER = TraceManager.getTrace(MidPointSpringApplication.class);
-
     @Autowired StartupConfiguration startupConfiguration;
     @Autowired NodeAuthenticationEvaluator nodeAuthenticator;
 
-
     @Bean
     public ServletListenerRegistrationBean<RequestContextListener> requestContextListener() {
         return new ServletListenerRegistrationBean<>(new RequestContextListener());
@@ -106,7 +93,6 @@ public ServletListenerRegistrationBean<RequestContextListener> requestContextLis
     public FilterRegistrationBean<MidPointProfilingServletFilter> midPointProfilingServletFilter() {
         FilterRegistrationBean<MidPointProfilingServletFilter> registration = new FilterRegistrationBean<>();
         registration.setFilter(new MidPointProfilingServletFilter());
-        //            registration.setDispatcherTypes(EnumSet.allOf(DispatcherType.class));
         registration.addUrlPatterns("/*");
         return registration;
     }
@@ -144,17 +130,6 @@ public FilterRegistrationBean<WroFilter> webResourceOptimizer(WroFilter wroFilte
         return registration;
     }
 
-    @Bean
-    public ServletRegistrationBean<CXFServlet> cxfServlet() {
-        ServletRegistrationBean<CXFServlet> registration = new ServletRegistrationBean<>();
-        registration.setServlet(new CXFServlet());
-        registration.addInitParameter("service-list-path", "midpointservices");
-        registration.setLoadOnStartup(1);
-        registration.addUrlMappings("/model/*", "/ws/*");
-
-        return registration;
-    }
-
     @Bean
     public ErrorPageRegistrar errorPageRegistrar() {
         return new MidPointErrorPageRegistrar();

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/security/BasicWebSecurityConfig.java

@@ -6,33 +6,19 @@
  */
 package com.evolveum.midpoint.web.security;
 
-import com.evolveum.midpoint.model.common.SystemObjectCache;
-import com.evolveum.midpoint.schema.result.OperationResult;
-import com.evolveum.midpoint.schema.util.SystemConfigurationTypeUtil;
-import com.evolveum.midpoint.security.api.SecurityContextManager;
-import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
-import com.evolveum.midpoint.task.api.TaskManager;
-import com.evolveum.midpoint.util.exception.SchemaException;
-import com.evolveum.midpoint.util.logging.Trace;
-import com.evolveum.midpoint.util.logging.TraceManager;
-import com.evolveum.midpoint.web.security.factory.channel.AuthChannelRegistryImpl;
-import com.evolveum.midpoint.web.security.factory.module.AuthModuleRegistryImpl;
-import com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter;
-import com.evolveum.midpoint.web.security.filter.MidpointRequestAttributeAuthenticationFilter;
-import com.evolveum.midpoint.web.security.filter.configurers.AuthFilterConfigurer;
-import org.jasig.cas.client.session.SingleSignOutFilter;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
-import org.springframework.security.cas.web.CasAuthenticationFilter;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
@@ -42,18 +28,16 @@
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
-import org.springframework.security.web.authentication.logout.LogoutFilter;
-import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
-import org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter;
 import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
 import org.springframework.security.web.session.HttpSessionEventPublisher;
-import org.springframework.security.web.util.matcher.RequestMatcher;
-import org.springframework.util.AntPathMatcher;
 
-import javax.servlet.http.HttpServletRequest;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.UUID;
+import com.evolveum.midpoint.security.api.SecurityContextManager;
+import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
+import com.evolveum.midpoint.task.api.TaskManager;
+import com.evolveum.midpoint.web.security.factory.channel.AuthChannelRegistryImpl;
+import com.evolveum.midpoint.web.security.factory.module.AuthModuleRegistryImpl;
+import com.evolveum.midpoint.web.security.filter.MidpointAnonymousAuthenticationFilter;
+import com.evolveum.midpoint.web.security.filter.configurers.AuthFilterConfigurer;
 
 /**
  * @author skublik
@@ -63,20 +47,12 @@
 @EnableWebSecurity
 public class BasicWebSecurityConfig extends WebSecurityConfigurerAdapter {
 
-    private static final Trace LOGGER = TraceManager.getTrace(BasicWebSecurityConfig.class);
-
     @Autowired
     private AuthModuleRegistryImpl authRegistry;
 
     @Autowired
     AuthChannelRegistryImpl authChannelRegistry;
 
-    @Autowired
-    private AuthenticationManager authenticationManager;
-
-    @Autowired
-    private SystemObjectCache systemObjectCache;
-
     @Autowired
     private SessionRegistry sessionRegistry;
 
@@ -94,8 +70,8 @@ public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcess
 
     @Bean
     public MidPointGuiAuthorizationEvaluator accessDecisionManager(SecurityEnforcer securityEnforcer,
-                                                                   SecurityContextManager securityContextManager,
-                                                                   TaskManager taskManager) {
+            SecurityContextManager securityContextManager,
+            TaskManager taskManager) {
         return new MidPointGuiAuthorizationEvaluator(securityEnforcer, securityContextManager, taskManager);
     }
 
@@ -132,30 +108,6 @@ public void configure(WebSecurity web) throws Exception {
         // Web (SOAP) services
         web.ignoring().antMatchers("/model/**");
 
-        // REST service
-        web.ignoring().requestMatchers(new RequestMatcher() {
-            @Override
-            public boolean matches(HttpServletRequest httpServletRequest) {
-                AntPathMatcher mather = new AntPathMatcher();
-                boolean isExperimentalEnabled = false;
-                try {
-                    isExperimentalEnabled = SystemConfigurationTypeUtil.isExperimentalCodeEnabled(
-                            systemObjectCache.getSystemConfiguration(new OperationResult("Load System Config")).asObjectable());
-                } catch (SchemaException e) {
-                    LOGGER.error("Couldn't load system configuration", e);
-                }
-                if (isExperimentalEnabled
-                        && mather.match("/ws/rest/**", httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()))) {
-                    return false;
-                }
-                if (mather.match("/ws/**", httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()))) {
-                    return true;
-                }
-                return false;
-            }
-        });
-        web.ignoring().antMatchers("/rest/**");
-
         // Special intra-cluster service to download and delete report outputs
         web.ignoring().antMatchers("/report");
 
@@ -175,7 +127,6 @@ public boolean matches(HttpServletRequest httpServletRequest) {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-
         AnonymousAuthenticationFilter anonymousFilter = new MidpointAnonymousAuthenticationFilter(authRegistry, authChannelRegistry, UUID.randomUUID().toString(), "anonymousUser",
                 AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));