working openid login
cbellone committed Apr 17, 2021
1 parent 2e52ade commit 29602cd
Showing 23 changed files with 487 additions and 365 deletions.
51 changes: 47 additions & 4 deletions src/main/java/alfio/config/WebSecurityConfig.java
Expand Up @@ -19,12 +19,20 @@
import alfio.manager.openid.AdminOpenIdAuthenticationManager;
import alfio.manager.openid.PublicOpenIdAuthenticationManager;
import alfio.manager.system.ConfigurationManager;
import alfio.manager.user.UserManager;
import alfio.repository.user.AuthorityRepository;
import alfio.repository.user.OrganizationRepository;
import alfio.repository.user.UserRepository;
import alfio.repository.user.join.UserOrganizationRepository;
import alfio.util.Json;
import lombok.extern.log4j.Log4j2;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.env.Environment;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

Expand All @@ -50,14 +58,49 @@ public CsrfTokenRepository getCsrfTokenRepository() {
@Profile("openid")
public AdminOpenIdAuthenticationManager adminOpenIdAuthenticationManager(Environment environment,
HttpClient httpClient,
ConfigurationManager configurationManager) {
return new AdminOpenIdAuthenticationManager(environment, httpClient, configurationManager);
ConfigurationManager configurationManager,
UserManager userManager,
UserRepository userRepository,
AuthorityRepository authorityRepository,
OrganizationRepository organizationRepository,
UserOrganizationRepository userOrganizationRepository,
NamedParameterJdbcTemplate jdbcTemplate,
PasswordEncoder passwordEncoder,
Json json) {
return new AdminOpenIdAuthenticationManager(environment,
httpClient,
configurationManager,
userManager,
userRepository,
authorityRepository,
organizationRepository,
userOrganizationRepository,
jdbcTemplate,
passwordEncoder,
json);
}

@Bean
public PublicOpenIdAuthenticationManager publicOpenIdAuthenticationManager(HttpClient httpClient,
ConfigurationManager configurationManager) {
return new PublicOpenIdAuthenticationManager(httpClient, configurationManager);
ConfigurationManager configurationManager,
UserManager userManager,
UserRepository userRepository,
AuthorityRepository authorityRepository,
OrganizationRepository organizationRepository,
UserOrganizationRepository userOrganizationRepository,
NamedParameterJdbcTemplate jdbcTemplate,
PasswordEncoder passwordEncoder,
Json json) {
return new PublicOpenIdAuthenticationManager(httpClient,
configurationManager,
userManager,
userRepository,
authorityRepository,
organizationRepository,
userOrganizationRepository,
jdbcTemplate,
passwordEncoder,
json);
}

}
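Review bot: Both OpenID manager beans now receive a `PasswordEncoder` and a `NamedParameterJdbcTemplate`, and nothing on `adminOpenIdAuthenticationManager(...)` or `publicOpenIdAuthenticationManager(...)` says why a federated-login component needs to hash passwords or write to the database directly. The constructors are outside this section, so this is inferred: if the managers create a local `ba_user` row on first login, the stored password should be a random value from `SecureRandom` that is never disclosed, so the account cannot be used through the form login at `/authenticate`. Once that is confirmed I would add a short Javadoc on each factory method, for example `/** Creates local users on first OpenID login; the encoder only stores a random, unusable password. */`. Note also that `publicOpenIdAuthenticationManager` carries no `@Profile("openid")`, so it is instantiated on every profile.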
Expand Up @@ -17,9 +17,10 @@
package alfio.config.authentication;

import alfio.config.Initializer;
import alfio.config.authentication.support.RecaptchaLoginFilter;
import alfio.config.authentication.support.UserCreatorBeforeLoginFilter;
import alfio.config.authentication.support.*;
import alfio.manager.RecaptchaService;
import alfio.manager.openid.OpenIdAuthenticationManager;
import alfio.manager.openid.PublicOpenIdAuthenticationManager;
import alfio.manager.system.ConfigurationManager;
import alfio.manager.user.UserManager;
import lombok.AllArgsConstructor;
Expand All @@ -31,9 +32,11 @@
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;

Expand All @@ -56,23 +59,16 @@ abstract class AbstractFormBasedWebSecurity extends WebSecurityConfigurerAdapter
private final CsrfTokenRepository csrfTokenRepository;
private final DataSource dataSource;
private final PasswordEncoder passwordEncoder;
private final PublicOpenIdAuthenticationManager publicOpenIdAuthenticationManager;

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select username, password, enabled from ba_user where username = ?")
.authoritiesByUsernameQuery("select username, role from authority where username = ?")
.passwordEncoder(passwordEncoder);
// call implementation-specific logic
customizeAuthenticationManager(auth);
}

/**
* By using this method, implementations can customize the AuthenticationManager configuration
*
* @param auth
*/
protected void customizeAuthenticationManager(AuthenticationManagerBuilder auth) {
.passwordEncoder(passwordEncoder)
.and()
.authenticationProvider(new OpenIdAuthenticationProvider());
}

@Override
Expand Down Expand Up @@ -155,6 +151,9 @@ protected void configure(HttpSecurity http) throws Exception {
.failureUrl("/authentication?failed")
.and().logout().permitAll();

http.addFilterBefore(openIdPublicCallbackLoginFilter(publicOpenIdAuthenticationManager), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(openIdPublicAuthenticationFilter(publicOpenIdAuthenticationManager), AnonymousAuthenticationFilter.class);


//
http.addFilterBefore(new RecaptchaLoginFilter(recaptchaService, "/authenticate", "/authentication?recaptchaFailed", configurationManager), UsernamePasswordAuthenticationFilter.class);
Expand Down Expand Up @@ -194,15 +193,14 @@ protected void configure(HttpSecurity http) throws Exception {
protected void addAdditionalFilters(HttpSecurity http) throws Exception {
}

protected UserManager getUserManager() {
return userManager;
}

protected PasswordEncoder getPasswordEncoder() {
return passwordEncoder;
private OpenIdAuthenticationFilter openIdPublicAuthenticationFilter(OpenIdAuthenticationManager openIdAuthenticationManager) {
return new OpenIdAuthenticationFilter("/openid/authentication", openIdAuthenticationManager, "/");
}

protected Environment getEnvironment() {
return environment;
private OpenIdCallbackLoginFilter openIdPublicCallbackLoginFilter(OpenIdAuthenticationManager openIdAuthenticationManager) throws Exception {
// configurationManager
return new OpenIdCallbackLoginFilter(openIdAuthenticationManager,
new AntPathRequestMatcher("/openid/callback", "GET"),
authenticationManager());
}
}
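Review bot: The public OpenID entry points are now wired into every form-based chain: `configure(AuthenticationManagerBuilder)` always registers `OpenIdAuthenticationProvider`, and `configure(HttpSecurity)` always adds the filters for `/openid/authentication` and `/openid/callback`, which includes `FormBasedWebSecurity` under the `!openid` profile. Neither filter body is visible here, so please confirm that they pass the request through when public OpenID is not configured and that the callback filter checks the `state` parameter against the session before it exchanges the code. The provider was previously registered only by the admin OpenID configuration; if it accepts a token without re-validating it, every chain now relies on the callback filter being the only code able to create one. A comment above the `addFilterBefore` call would help, e.g. `// public OpenID login: both filters must be no-ops unless the public provider is enabled in configuration`, and the leftover `// configurationManager` in `openIdPublicCallbackLoginFilter` can be dropped. Both `configure` methods extend beyond the hunks shown.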
Expand Up @@ -17,6 +17,7 @@
package alfio.config.authentication;

import alfio.manager.RecaptchaService;
import alfio.manager.openid.PublicOpenIdAuthenticationManager;
import alfio.manager.system.ConfigurationManager;
import alfio.manager.user.UserManager;
import org.springframework.context.annotation.Configuration;
Expand All @@ -33,15 +34,23 @@
*/
@Profile("!openid")
@Configuration
@Order(3)
@Order(1)
public class FormBasedWebSecurity extends AbstractFormBasedWebSecurity {
public FormBasedWebSecurity(Environment environment,
UserManager userManager,
RecaptchaService recaptchaService,
ConfigurationManager configurationManager,
CsrfTokenRepository csrfTokenRepository,
DataSource dataSource,
PasswordEncoder passwordEncoder) {
super(environment, userManager, recaptchaService, configurationManager, csrfTokenRepository, dataSource, passwordEncoder);
PasswordEncoder passwordEncoder,
PublicOpenIdAuthenticationManager publicOpenIdAuthenticationManager) {
super(environment,
userManager,
recaptchaService,
configurationManager,
csrfTokenRepository,
dataSource,
passwordEncoder,
publicOpenIdAuthenticationManager);
}
}
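Review bot: The `@Order` on `FormBasedWebSecurity` appears to move from 3 to 1 (the rendered page lists both values without markers), and there is no comment explaining why. With several `WebSecurityConfigurerAdapter` classes the order decides which chain is matched first, so a chain promoted to position 1 with a broad request matcher would take requests that a more specific chain used to handle; the matchers are not visible in this section. Please state the intent next to the annotation, e.g. `// must be evaluated before <other chain> because ...`, and check that no other configuration already uses order 1, since Spring Security rejects duplicate `@Order` values on these adapters at startup.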
Expand Up @@ -16,24 +16,19 @@
*/
package alfio.config.authentication;

import alfio.config.authentication.support.OpenIdAdminAuthenticationFilter;
import alfio.config.authentication.support.OpenIdAdminCallbackLoginFilter;
import alfio.config.authentication.support.OpenIdAuthenticationProvider;
import alfio.config.authentication.support.OpenIdAuthenticationFilter;
import alfio.config.authentication.support.OpenIdCallbackLoginFilter;
import alfio.config.authentication.support.OpenIdPublicAuthenticationFilter;
import alfio.manager.RecaptchaService;
import alfio.manager.openid.AdminOpenIdAuthenticationManager;
import alfio.manager.openid.PublicOpenIdAuthenticationManager;
import alfio.manager.system.ConfigurationManager;
import alfio.manager.user.UserManager;
import alfio.repository.user.AuthorityRepository;
import alfio.repository.user.OrganizationRepository;
import alfio.repository.user.UserRepository;
import alfio.repository.user.join.UserOrganizationRepository;
import lombok.extern.log4j.Log4j2;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
Expand All @@ -49,10 +44,6 @@
public class OpenIdAdminWebSecurity extends AbstractFormBasedWebSecurity {

private final AdminOpenIdAuthenticationManager adminOpenIdAuthenticationManager;
private final UserRepository userRepository;
private final AuthorityRepository authorityRepository;
private final UserOrganizationRepository userOrganizationRepository;
private final OrganizationRepository organizationRepository;

public OpenIdAdminWebSecurity(Environment environment,
UserManager userManager,
Expand All @@ -62,36 +53,25 @@ public OpenIdAdminWebSecurity(Environment environment,
DataSource dataSource,
PasswordEncoder passwordEncoder,
AdminOpenIdAuthenticationManager adminOpenIdAuthenticationManager,
UserRepository userRepository,
AuthorityRepository authorityRepository,
UserOrganizationRepository userOrganizationRepository,
OrganizationRepository organizationRepository) {
super(environment, userManager, recaptchaService, configurationManager, csrfTokenRepository, dataSource, passwordEncoder);
PublicOpenIdAuthenticationManager openIdAuthenticationManager) {
super(environment,
userManager,
recaptchaService,
configurationManager,
csrfTokenRepository,
dataSource,
passwordEncoder,
openIdAuthenticationManager);
this.adminOpenIdAuthenticationManager = adminOpenIdAuthenticationManager;
this.userRepository = userRepository;
this.authorityRepository = authorityRepository;
this.userOrganizationRepository = userOrganizationRepository;
this.organizationRepository = organizationRepository;
}

@Override
protected void customizeAuthenticationManager(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(new OpenIdAuthenticationProvider());
}

@Override
protected void addAdditionalFilters(HttpSecurity http) throws Exception {
var callbackLoginFilter = new OpenIdAdminCallbackLoginFilter(adminOpenIdAuthenticationManager,
var callbackLoginFilter = new OpenIdCallbackLoginFilter(adminOpenIdAuthenticationManager,
new AntPathRequestMatcher("/callback", "GET"),
authenticationManager(),
userRepository,
authorityRepository,
getPasswordEncoder(),
getUserManager(),
userOrganizationRepository,
organizationRepository);
authenticationManager());
http.addFilterBefore(callbackLoginFilter, UsernamePasswordAuthenticationFilter.class);
log.trace("adding openid filter");
http.addFilterAfter(new OpenIdAdminAuthenticationFilter("/authentication", adminOpenIdAuthenticationManager), OpenIdPublicAuthenticationFilter.class);
http.addFilterAfter(new OpenIdAuthenticationFilter("/authentication", adminOpenIdAuthenticationManager, "/"), OpenIdPublicAuthenticationFilter.class);
}
}
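Review bot: The last line of `addAdditionalFilters` still positions the admin filter with `addFilterAfter(..., OpenIdPublicAuthenticationFilter.class)`, while the base class in this commit registers the public filter as `OpenIdAuthenticationFilter`. Spring Security's `HttpSecurity.addFilterAfter` throws `IllegalArgumentException` when the reference class has no registered position, so if `OpenIdPublicAuthenticationFilter` is no longer added anywhere this configuration fails at startup; whether it is still added is not visible in this section. Anchoring on a class that is certainly registered avoids this, for instance the built-in filter this method already uses for the callback: `http.addFilterAfter(new OpenIdAuthenticationFilter("/authentication", adminOpenIdAuthenticationManager, "/"), UsernamePasswordAuthenticationFilter.class);`, provided that position suits the admin flow. The `OpenIdPublicAuthenticationFilter` import can then be removed.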

This file was deleted.
