Merge 09f46d9 into 8ed01d6

urlaubsverwaltung · Mar 6, 2019 · c2b193c · c2b193c
2 parents 8ed01d6 + 09f46d9
commit c2b193c
Show file tree

Hide file tree

Showing 62 changed files with 713 additions and 472 deletions.
diff --git a/pom.xml b/pom.xml
@@ -30,13 +30,14 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>1.5.19.RELEASE</version>
-        <relativePath />
+        <version>2.1.3.RELEASE</version>
     </parent>
 
     <properties>
         <maven.javadoc.skip>true</maven.javadoc.skip>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <maven.compiler.showWarnings>true</maven.compiler.showWarnings>
+        <maven.compiler.showDeprecation>true</maven.compiler.showDeprecation>
         <java.version>1.8</java.version>
         <joda.time.version>2.7</joda.time.version>
         <mail.version>1.4.7</mail.version>
@@ -98,21 +99,15 @@
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-security</artifactId>
+            <artifactId>spring-boot-starter-logging</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-logging</artifactId>
+            <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-ldap</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.springframework.ldap</groupId>
-                    <artifactId>spring-ldap-core</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springframework.ldap</groupId>

diff --git a/src/main/java/org/synyx/urlaubsverwaltung/ServletInitializer.java b/src/main/java/org/synyx/urlaubsverwaltung/ServletInitializer.java
@@ -0,0 +1,13 @@
+package org.synyx.urlaubsverwaltung;
+
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+
+public class ServletInitializer extends SpringBootServletInitializer {
+
+    @Override
+    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
+        return application.sources(UrlaubsverwaltungApplication.class);
+    }
+
+}
diff --git a/src/main/java/org/synyx/urlaubsverwaltung/UrlaubsverwaltungApplication.java b/src/main/java/org/synyx/urlaubsverwaltung/UrlaubsverwaltungApplication.java
@@ -2,9 +2,6 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.builder.SpringApplicationBuilder;
-import org.springframework.boot.web.support.SpringBootServletInitializer;
-import org.springframework.context.annotation.ImportResource;
 import org.springframework.scheduling.annotation.EnableScheduling;
 
 
@@ -15,13 +12,7 @@
  */
 @SpringBootApplication
 @EnableScheduling
-@ImportResource({ "classpath:spring-security.xml" })
-public class UrlaubsverwaltungApplication extends SpringBootServletInitializer { // NOSONAR - no private constructor needed
-
-    @Override
-    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
-        return application.sources(UrlaubsverwaltungApplication.class);
-    }
+public class UrlaubsverwaltungApplication { // NOSONAR - no private constructor needed
 
     /**
      * Start the Urlaubsverwaltung Spring Boot application.

diff --git a/src/main/java/org/synyx/urlaubsverwaltung/config/ActiveDirectoryAuthConfiguration.java b/src/main/java/org/synyx/urlaubsverwaltung/config/ActiveDirectoryAuthConfiguration.java
@@ -0,0 +1,33 @@
+package org.synyx.urlaubsverwaltung.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+import org.springframework.ldap.core.support.LdapContextSource;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.ldap.authentication.BindAuthenticator;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
+import org.springframework.security.ldap.authentication.LdapAuthenticator;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+import org.synyx.urlaubsverwaltung.core.person.PersonService;
+import org.synyx.urlaubsverwaltung.security.PersonContextMapper;
+import org.synyx.urlaubsverwaltung.security.SimpleAuthenticationProvider;
+
+@Configuration
+@ConditionalOnProperty(name = "auth", havingValue = "activeDirectory")
+public class ActiveDirectoryAuthConfiguration {
+
+    @Bean
+    public AuthenticationProvider activeDirectoryAuthenticationProvider(Environment environment, PersonContextMapper personContextMapper) {
+        String domain = environment.getProperty("uv.security.activeDirectory.domain");
+        String url = environment.getProperty("uv.security.activeDirectory.url");
+        ActiveDirectoryLdapAuthenticationProvider authenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(domain, url);
+        authenticationProvider.setUserDetailsContextMapper(personContextMapper);
+        return authenticationProvider;
+    }
+
+}
diff --git a/src/main/java/org/synyx/urlaubsverwaltung/config/DefaultAuthConfiguration.java b/src/main/java/org/synyx/urlaubsverwaltung/config/DefaultAuthConfiguration.java
@@ -0,0 +1,19 @@
+package org.synyx.urlaubsverwaltung.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.synyx.urlaubsverwaltung.core.person.PersonService;
+import org.synyx.urlaubsverwaltung.security.SimpleAuthenticationProvider;
+
+@Configuration
+@ConditionalOnProperty(name = "auth", havingValue = "default")
+public class DefaultAuthConfiguration {
+
+    @Bean
+    public AuthenticationProvider defaultAuthenticationProvider(PersonService personService) {
+        return new SimpleAuthenticationProvider(personService);
+    }
+
+}
diff --git a/src/main/java/org/synyx/urlaubsverwaltung/config/LdapAuthConfiguration.java b/src/main/java/org/synyx/urlaubsverwaltung/config/LdapAuthConfiguration.java
@@ -0,0 +1,68 @@
+package org.synyx.urlaubsverwaltung.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+import org.springframework.ldap.core.support.LdapContextSource;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.ldap.authentication.BindAuthenticator;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
+import org.springframework.security.ldap.authentication.LdapAuthenticator;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+import org.synyx.urlaubsverwaltung.core.person.PersonService;
+import org.synyx.urlaubsverwaltung.security.PersonContextMapper;
+import org.synyx.urlaubsverwaltung.security.SimpleAuthenticationProvider;
+
+@Configuration
+@ConditionalOnProperty(name = "auth", havingValue = "ldap")
+public class LdapAuthConfiguration {
+
+    @Autowired
+    private Environment environment;
+
+    @Bean
+    public LdapContextSource ldapContextSource() {
+        LdapContextSource source = new LdapContextSource();
+        source.setUserDn(environment.getProperty("uv.security.ldap.managerDn"));
+        source.setPassword(environment.getProperty("uv.security.ldap.managerPassword"));
+        source.setBase(environment.getProperty("uv.security.ldap.base"));
+        source.setUrl(environment.getProperty("uv.security.ldap.url"));
+        return source;
+    }
+
+    @Bean
+    public LdapAuthoritiesPopulator authoritiesPopulator() {
+        return new DefaultLdapAuthoritiesPopulator(ldapContextSource(), null);
+    }
+
+    @Bean
+    public FilterBasedLdapUserSearch ldapUserSearch() {
+
+        String searchBase = environment.getProperty("uv.security.ldap.userSearchBase");
+        String searchFilter = environment.getProperty("uv.security.ldap.userSearchFilter");
+
+        return new FilterBasedLdapUserSearch(searchBase, searchFilter, ldapContextSource());
+    }
+
+    @Bean
+    public LdapAuthenticator authenticator() {
+        BindAuthenticator authenticator = new BindAuthenticator(ldapContextSource());
+        authenticator.setUserSearch(ldapUserSearch());
+        return authenticator;
+    }
+
+    @Bean
+    public AuthenticationProvider ldapAuthenticationProvider(PersonContextMapper personContextMapper) {
+
+        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(authenticator(), authoritiesPopulator());
+        ldapAuthenticationProvider.setUserDetailsContextMapper(personContextMapper);
+
+        return ldapAuthenticationProvider;
+    }
+
+}
diff --git a/src/main/java/org/synyx/urlaubsverwaltung/config/WebSecurityConfig.java b/src/main/java/org/synyx/urlaubsverwaltung/config/WebSecurityConfig.java
@@ -0,0 +1,54 @@
+package org.synyx.urlaubsverwaltung.config;
+
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
+import org.springframework.boot.actuate.health.HealthEndpoint;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        http
+            .csrf()
+                .disable()
+            .authorizeRequests()
+                // TODO move to common url static or resources
+                .antMatchers("/css/**").permitAll()
+                .antMatchers("/fonts/**").permitAll()
+                .antMatchers("/images/**").permitAll()
+                .antMatchers("/lib/**").permitAll()
+                // API
+                .antMatchers("/api/sicknotes/**").hasAuthority("OFFICE")
+                .antMatchers("/api/**").authenticated()
+                // WEB
+                .antMatchers("/web/overview").hasAuthority("USER")
+                .antMatchers("/web/application/**").hasAuthority("USER")
+                .antMatchers("/web/sicknote/**").hasAuthority("USER")
+                .antMatchers("/web/staff/**").hasAuthority("USER")
+                .antMatchers("/web/overtime/**").hasAuthority("USER")
+                .antMatchers("/web/department/**").hasAnyAuthority("BOSS", "OFFICE")
+                .antMatchers("/web/settings/**").hasAuthority("OFFICE")
+                .antMatchers("/web/google-api-handshake/**").hasAuthority("OFFICE")
+                .requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll()
+                // TODO muss konfigurierbar werden!
+                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAuthority("ADMIN")
+                .anyRequest()
+                    .authenticated()
+                .and()
+                    .formLogin()
+                        .loginPage("/login").permitAll()
+                            .defaultSuccessUrl("/web/overview")
+                            .failureUrl("/login?login_error=1")
+                .and()
+                    .logout()
+                        .logoutUrl("/logout")
+                        .logoutSuccessUrl("/login");
+    }
+
+}
diff --git a/...ain/java/org/synyx/urlaubsverwaltung/core/application/service/ApplicationServiceImpl.java b/...ain/java/org/synyx/urlaubsverwaltung/core/application/service/ApplicationServiceImpl.java
@@ -2,20 +2,15 @@
 package org.synyx.urlaubsverwaltung.core.application.service;
 
 import org.joda.time.DateMidnight;
-
 import org.springframework.beans.factory.annotation.Autowired;
-
 import org.springframework.stereotype.Service;
-
 import org.springframework.util.Assert;
-
 import org.synyx.urlaubsverwaltung.core.application.dao.ApplicationDAO;
 import org.synyx.urlaubsverwaltung.core.application.domain.Application;
 import org.synyx.urlaubsverwaltung.core.application.domain.ApplicationStatus;
 import org.synyx.urlaubsverwaltung.core.person.Person;
 
 import java.math.BigDecimal;
-
 import java.util.List;
 import java.util.Optional;
 
@@ -39,7 +34,7 @@ class ApplicationServiceImpl implements ApplicationService {
     @Override
     public Optional<Application> getApplicationById(Integer id) {
 
-        return Optional.ofNullable(applicationDAO.findOne(id));
+        return applicationDAO.findById(id);
     }
 
 
@@ -87,13 +82,7 @@ public BigDecimal getTotalOvertimeReductionOfPerson(Person person) {
 
         Assert.notNull(person, "Person to get overtime reduction for must be given.");
 
-        Optional<BigDecimal> overtimeReduction = Optional.ofNullable(applicationDAO.calculateTotalOvertimeOfPerson(
-                    person));
-
-        if (overtimeReduction.isPresent()) {
-            return overtimeReduction.get();
-        }
-
-        return BigDecimal.ZERO;
+        return Optional.ofNullable(applicationDAO.calculateTotalOvertimeOfPerson(person))
+            .orElse(BigDecimal.ZERO);
     }
 }
diff --git a/src/main/java/org/synyx/urlaubsverwaltung/core/department/DepartmentServiceImpl.java b/src/main/java/org/synyx/urlaubsverwaltung/core/department/DepartmentServiceImpl.java
@@ -47,8 +47,7 @@ public DepartmentServiceImpl(DepartmentDAO departmentDAO, ApplicationService app
 
     @Override
     public Optional<Department> getDepartmentById(Integer departmentId) {
-
-        return Optional.ofNullable(departmentDAO.findOne(departmentId));
+        return  departmentDAO.findById(departmentId);
     }
 
 
@@ -75,10 +74,10 @@ public void update(Department department) {
     @Override
     public void delete(Integer departmentId) {
 
-        if (departmentDAO.findOne(departmentId) == null) {
-            LOG.info("No department found for ID = {}, deletion is not necessary.", departmentId);
+        if(departmentDAO.findById(departmentId).isPresent()) {
+            departmentDAO.deleteById(departmentId);
         } else {
-            departmentDAO.delete(departmentId);
+            LOG.info("No department found for ID = {}, deletion is not necessary.", departmentId);
         }
     }
 

diff --git a/src/main/java/org/synyx/urlaubsverwaltung/core/overtime/OvertimeServiceImpl.java b/src/main/java/org/synyx/urlaubsverwaltung/core/overtime/OvertimeServiceImpl.java
@@ -95,7 +95,7 @@ public Optional<Overtime> getOvertimeById(Integer id) {
 
         Assert.notNull(id, "ID must be given.");
 
-        return Optional.ofNullable(overtimeDAO.findOne(id));
+        return overtimeDAO.findById(id);
     }
 
 

diff --git a/src/main/java/org/synyx/urlaubsverwaltung/core/person/PersonServiceImpl.java b/src/main/java/org/synyx/urlaubsverwaltung/core/person/PersonServiceImpl.java
@@ -106,7 +106,7 @@ public void save(Person person) {
     @Override
     public Optional<Person> getPersonByID(Integer id) {
 
-        return Optional.ofNullable(personDAO.findOne(id));
+        return personDAO.findById(id);
     }
 
 

diff --git a/src/main/java/org/synyx/urlaubsverwaltung/core/settings/SettingsServiceImpl.java b/src/main/java/org/synyx/urlaubsverwaltung/core/settings/SettingsServiceImpl.java
@@ -7,6 +7,8 @@
 
 import org.springframework.stereotype.Service;
 
+import java.util.Optional;
+
 
 /**
  * Implementation for {@link org.synyx.urlaubsverwaltung.core.settings.SettingsService}.
@@ -39,12 +41,7 @@ public void save(Settings settings) {
     public Settings getSettings() {
 
         // TODO: Maybe fixed in future for different settings (based on date,...)
-        Settings result = settingsDAO.findOne(1);
-
-        if (result == null) {
-            throw new IllegalStateException("No settings in database found.");
-        }
-
-        return result;
+        return settingsDAO.findById(1)
+            .orElseThrow(() -> new IllegalStateException("No settings in database found."));
     }
 }
diff --git a/src/main/java/org/synyx/urlaubsverwaltung/core/sicknote/SickNote.java b/src/main/java/org/synyx/urlaubsverwaltung/core/sicknote/SickNote.java
@@ -83,7 +83,7 @@ public SickNote() {
         this.lastEdited = DateTime.now().withTimeAtStartOfDay().toDate();
     }
 
-    public final Person getPerson() {
+    public Person getPerson() {
 
         return person;
     }
@@ -107,7 +107,7 @@ public void setSickNoteType(SickNoteType sickNoteType) {
     }
 
 
-    public final DateMidnight getStartDate() {
+    public DateMidnight getStartDate() {
 
         if (this.startDate == null) {
             return null;
@@ -147,7 +147,7 @@ public void setEndDate(DateMidnight endDate) {
     }
 
 
-    public final DayLength getDayLength() {
+    public DayLength getDayLength() {
 
         return dayLength;
     }