[SYNCOPE-1760] Refactoring Spring Security config for Core (#463)

client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/BaseLogin.java

@@ -217,8 +217,6 @@ public void renderHead(final IHeaderResponse response) {
 
     protected abstract void sendError(String error);
 
-    protected abstract String getAnonymousUser();
-
     protected abstract void authenticate(
             String username,
             String password,

client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/BaseSession.java

@@ -22,7 +22,7 @@
 import java.util.Locale;
 import java.util.concurrent.Callable;
 import java.util.concurrent.Future;
-import org.apache.syncope.client.lib.SyncopeClient;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
 
 public interface BaseSession {
 
@@ -55,7 +55,7 @@ public String fallback() {
 
     String getJWT();
 
-    SyncopeClient getAnonymousClient();
+    SyncopeAnonymousClient getAnonymousClient();
 
     <T> T getAnonymousService(Class<T> serviceClass);
 

client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleProperties.java

@@ -66,8 +66,6 @@ public void setQueueCapacity(final int queueCapacity) {
         }
     }
 
-    private String adminUser = "admin";
-
     private final Map<String, Class<? extends BasePage>> page = new HashMap<>();
 
     private String defaultAnyPanelClass = AnyPanel.class.getName();
@@ -76,16 +74,6 @@ public void setQueueCapacity(final int queueCapacity) {
 
     private final Topology topology = new Topology();
 
-    @Override
-    public String getAdminUser() {
-        return adminUser;
-    }
-
-    @Override
-    public void setAdminUser(final String adminUser) {
-        this.adminUser = adminUser;
-    }
-
     public Map<String, Class<? extends BasePage>> getPage() {
         return page;
     }

client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java

@@ -20,6 +20,7 @@
 
 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
@@ -37,8 +38,9 @@
 @Configuration(proxyBeanMethods = false)
 public class SecurityConfig {
 
+    @ConditionalOnMissingBean
     @Bean
-    public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception {
+    public SecurityFilterChain actuatorFilterChain(final HttpSecurity http) throws Exception {
         EndpointRequest.EndpointRequestMatcher actuatorEndpoints = EndpointRequest.toAnyEndpoint();
         http.authorizeHttpRequests(customizer -> customizer.
                 requestMatchers(new NegatedRequestMatcher(actuatorEndpoints)).permitAll().
@@ -50,8 +52,9 @@ public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception
         return http.build();
     }
 
+    @ConditionalOnMissingBean
     @Bean
-    public UserDetailsService userDetailsService(final ConsoleProperties props) {
+    public UserDetailsService actuatorUserDetailsService(final ConsoleProperties props) {
         UserDetails user = User.withUsername(props.getAnonymousUser()).
                 password("{noop}" + props.getAnonymousKey()).
                 roles(IdRepoEntitlement.ANONYMOUS).

client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java

@@ -43,6 +43,7 @@
 import org.apache.commons.lang3.tuple.Triple;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.syncope.client.console.commons.RealmsUtils;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
 import org.apache.syncope.client.lib.SyncopeClient;
 import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
 import org.apache.syncope.client.lib.batch.BatchRequest;
@@ -96,7 +97,7 @@ public String fallback() {
 
     protected final SyncopeClientFactoryBean clientFactory;
 
-    protected final SyncopeClient anonymousClient;
+    protected final SyncopeAnonymousClient anonymousClient;
 
     protected final Pair<String, String> gitAndBuildInfo;
 
@@ -382,7 +383,7 @@ public void refreshAuth(final String username) {
     }
 
     @Override
-    public SyncopeClient getAnonymousClient() {
+    public SyncopeAnonymousClient getAnonymousClient() {
         return anonymousClient;
     }
 

client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java

@@ -43,8 +43,7 @@
 import org.apache.syncope.client.console.pages.MustChangePassword;
 import org.apache.syncope.client.console.rest.RealmRestClient;
 import org.apache.syncope.client.console.wizards.any.UserFormFinalizer;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
-import org.apache.syncope.client.lib.SyncopeClient;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
 import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
 import org.apache.syncope.client.ui.commons.Constants;
 import org.apache.syncope.client.ui.commons.SyncopeUIRequestCycleListener;
@@ -271,9 +270,8 @@ public ThreadPoolTaskExecutor newThreadPoolTaskExecutor() {
         return executor;
     }
 
-    public SyncopeClient newAnonymousClient() {
-        return newClientFactory().create(
-                new AnonymousAuthenticationHandler(props.getAnonymousUser(), props.getAnonymousKey()));
+    public SyncopeAnonymousClient newAnonymousClient() {
+        return newClientFactory().createAnonymous(props.getAnonymousUser(), props.getAnonymousKey());
     }
 
     public SyncopeClientFactoryBean newClientFactory() {

client/idrepo/console/src/main/java/org/apache/syncope/client/console/pages/Login.java

@@ -64,11 +64,6 @@ protected void sendError(final String error) {
         SyncopeConsoleSession.get().error(error);
     }
 
-    @Override
-    protected String getAnonymousUser() {
-        return SyncopeWebApplication.get().getAnonymousUser();
-    }
-
     @Override
     protected void authenticate(final String username, final String password, final AjaxRequestTarget target)
             throws NotAuthorizedException {

client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java

@@ -20,6 +20,7 @@
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.isNull;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
@@ -56,6 +57,7 @@
 import org.apache.syncope.client.console.commons.VirSchemaDetailsPanelProvider;
 import org.apache.syncope.client.console.init.ClassPathScanImplementationLookup;
 import org.apache.syncope.client.lib.AuthenticationHandler;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
 import org.apache.syncope.client.lib.SyncopeClient;
 import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
 import org.apache.syncope.client.ui.commons.MIMETypesLoader;
@@ -292,12 +294,13 @@ private UserTO getUserTO() {
         @Override
         public SyncopeClientFactoryBean newClientFactory() {
             SyncopeClient client = mock(SyncopeClient.class);
+            SyncopeAnonymousClient anonymousClient = mock(SyncopeAnonymousClient.class);
 
             when(client.self()).thenReturn(Triple.of(new HashMap<>(), List.of(), getUserTO()));
 
-            when(client.gitAndBuildInfo()).thenReturn(Pair.of("", ""));
-            when(client.platform()).thenReturn(new PlatformInfo());
-            when(client.numbers()).thenAnswer(ic -> {
+            when(anonymousClient.gitAndBuildInfo()).thenReturn(Pair.of("", ""));
+            when(anonymousClient.platform()).thenReturn(new PlatformInfo());
+            when(anonymousClient.numbers()).thenAnswer(ic -> {
                 NumbersInfo numbersInfo = new NumbersInfo();
 
                 numbersInfo.getConfCompleteness().put(
@@ -321,7 +324,7 @@ public SyncopeClientFactoryBean newClientFactory() {
 
                 return numbersInfo;
             });
-            when(client.system()).thenReturn(new SystemInfo());
+            when(anonymousClient.system()).thenReturn(new SystemInfo());
 
             SyncopeService syncopeService = getSyncopeService();
             when(client.getService(SyncopeService.class)).thenReturn(syncopeService);
@@ -339,6 +342,7 @@ public SyncopeClientFactoryBean newClientFactory() {
             when(clientFactory.setDomain(any())).thenReturn(clientFactory);
             when(clientFactory.create(any(AuthenticationHandler.class))).thenReturn(client);
             when(clientFactory.create(anyString(), anyString())).thenReturn(client);
+            when(clientFactory.createAnonymous(anyString(), isNull())).thenReturn(anonymousClient);
 
             return clientFactory;
         }

client/idrepo/console/src/test/resources/log4j2.xml

@@ -29,7 +29,7 @@ under the License.
 
   <loggers>
 
-    <asyncLogger name="org.apache.syncope.client.lib" additivity="false" level="OFF">
+    <asyncLogger name="org.apache.syncope.client.lib" additivity="false" level="ERROR">
       <appender-ref ref="console"/>
     </asyncLogger>
 

client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java

@@ -20,6 +20,7 @@
 
 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
@@ -37,8 +38,9 @@
 @Configuration(proxyBeanMethods = false)
 public class SecurityConfig {
 
+    @ConditionalOnMissingBean
     @Bean
-    public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception {
+    public SecurityFilterChain actuatorFilterChain(final HttpSecurity http) throws Exception {
         EndpointRequest.EndpointRequestMatcher actuatorEndpoints = EndpointRequest.toAnyEndpoint();
         http.authorizeHttpRequests(customizer -> customizer.
                 requestMatchers(new NegatedRequestMatcher(actuatorEndpoints)).permitAll().
@@ -50,8 +52,9 @@ public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception
         return http.build();
     }
 
+    @ConditionalOnMissingBean
     @Bean
-    public UserDetailsService userDetailsService(final EnduserProperties props) {
+    public UserDetailsService actuatorUserDetailsService(final EnduserProperties props) {
         UserDetails user = User.withUsername(props.getAnonymousUser()).
                 password("{noop}" + props.getAnonymousKey()).
                 roles(IdRepoEntitlement.ANONYMOUS).

client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java

@@ -36,6 +36,7 @@
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.apache.commons.lang3.time.FastDateFormat;
 import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
 import org.apache.syncope.client.lib.SyncopeClient;
 import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
 import org.apache.syncope.client.ui.commons.BaseSession;
@@ -87,7 +88,7 @@ public String fallback() {
 
     private final SyncopeClientFactoryBean clientFactory;
 
-    private final SyncopeClient anonymousClient;
+    private final SyncopeAnonymousClient anonymousClient;
 
     private final PlatformInfo platformInfo;
 
@@ -296,7 +297,7 @@ public UserTO getSelfTO(final boolean reload) {
     }
 
     @Override
-    public SyncopeClient getAnonymousClient() {
+    public SyncopeAnonymousClient getAnonymousClient() {
         return anonymousClient;
     }
 

client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java

@@ -35,8 +35,7 @@
 import org.apache.syncope.client.enduser.pages.MustChangePassword;
 import org.apache.syncope.client.enduser.pages.SelfConfirmPasswordReset;
 import org.apache.syncope.client.enduser.panels.Sidebar;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
-import org.apache.syncope.client.lib.SyncopeClient;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
 import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
 import org.apache.syncope.client.ui.commons.SyncopeUIRequestCycleListener;
 import org.apache.syncope.client.ui.commons.annotations.Resource;
@@ -246,9 +245,8 @@ public Session newSession(final Request request, final Response response) {
         return new SyncopeEnduserSession(request);
     }
 
-    public SyncopeClient newAnonymousClient() {
-        return newClientFactory().create(
-                new AnonymousAuthenticationHandler(props.getAnonymousUser(), props.getAnonymousKey()));
+    public SyncopeAnonymousClient newAnonymousClient() {
+        return newClientFactory().createAnonymous(props.getAnonymousUser(), props.getAnonymousKey());
     }
 
     public SyncopeClientFactoryBean newClientFactory() {
@@ -278,10 +276,6 @@ public String getAnonymousUser() {
         return props.getAnonymousUser();
     }
 
-    public String getAnonymousKey() {
-        return props.getAnonymousKey();
-    }
-
     public boolean isCaptchaEnabled() {
         return props.isCaptcha();
     }

client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/Login.java

@@ -88,11 +88,6 @@ protected void sendError(final String error) {
         SyncopeEnduserSession.get().error(error);
     }
 
-    @Override
-    protected String getAnonymousUser() {
-        return SyncopeWebApplication.get().getAnonymousUser();
-    }
-
     @Override
     protected void authenticate(final String username, final String password, final AjaxRequestTarget target)
             throws NotAuthorizedException {

client/idrepo/enduser/src/test/java/org/apache/syncope/client/enduser/AbstractTest.java

@@ -20,6 +20,7 @@
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.isNull;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
@@ -35,6 +36,7 @@
 import org.apache.cxf.jaxrs.client.Client;
 import org.apache.syncope.client.enduser.init.ClassPathScanImplementationLookup;
 import org.apache.syncope.client.lib.AuthenticationHandler;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
 import org.apache.syncope.client.lib.SyncopeClient;
 import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
 import org.apache.syncope.client.ui.commons.MIMETypesLoader;
@@ -199,12 +201,14 @@ private UserTO getUserTO() {
         @Override
         public SyncopeClientFactoryBean newClientFactory() {
             SyncopeClient client = mock(SyncopeClient.class);
+            SyncopeAnonymousClient anonymousClient = mock(SyncopeAnonymousClient.class);
+
             when(client.getJWT()).thenReturn("<anyJWT>");
 
             when(client.self()).thenReturn(Triple.of(new HashMap<>(), List.of(), getUserTO()));
 
-            when(client.platform()).thenReturn(new PlatformInfo());
-            when(client.numbers()).thenAnswer(ic -> {
+            when(anonymousClient.platform()).thenReturn(new PlatformInfo());
+            when(anonymousClient.numbers()).thenAnswer(ic -> {
                 NumbersInfo numbersInfo = new NumbersInfo();
 
                 numbersInfo.getConfCompleteness().put(
@@ -228,7 +232,7 @@ public SyncopeClientFactoryBean newClientFactory() {
 
                 return numbersInfo;
             });
-            when(client.system()).thenReturn(new SystemInfo());
+            when(anonymousClient.system()).thenReturn(new SystemInfo());
 
             SyncopeService syncopeService = getSyncopeService();
             when(client.getService(SyncopeService.class)).thenReturn(syncopeService);
@@ -243,6 +247,7 @@ public SyncopeClientFactoryBean newClientFactory() {
             when(clientFactory.setDomain(any())).thenReturn(clientFactory);
             when(clientFactory.create(any(AuthenticationHandler.class))).thenReturn(client);
             when(clientFactory.create(anyString(), anyString())).thenReturn(client);
+            when(clientFactory.createAnonymous(anyString(), isNull())).thenReturn(anonymousClient);
 
             return clientFactory;
         }

client/idrepo/enduser/src/test/resources/log4j2.xml

@@ -29,7 +29,7 @@ under the License.
 
   <loggers>
 
-    <asyncLogger name="org.apache.syncope.client.lib" additivity="false" level="OFF">
+    <asyncLogger name="org.apache.syncope.client.lib" additivity="false" level="ERROR">
       <appender-ref ref="console"/>
     </asyncLogger>