Showing
62 changed files
with
713 additions
and
472 deletions.
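--- a/src/main/java/org/synyx/urlaubsverwaltung/ServletInitializer.java
+++ b/src/main/java/org/synyx/urlaubsverwaltung/ServletInitializer.java
@@ -0,0 +1,13 @@
+package org.synyx.urlaubsverwaltung;
+
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+
+public class ServletInitializer extends SpringBootServletInitializer {
+
+@Override
+protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
+return application.sources(UrlaubsverwaltungApplication.class);
+}
+
+}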
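--- a/src/main/java/org/synyx/urlaubsverwaltung/config/ActiveDirectoryAuthConfiguration.java
+++ b/src/main/java/org/synyx/urlaubsverwaltung/config/ActiveDirectoryAuthConfiguration.java
@@ -0,0 +1,33 @@
+package org.synyx.urlaubsverwaltung.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+import org.springframework.ldap.core.support.LdapContextSource;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.ldap.authentication.BindAuthenticator;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
+import org.springframework.security.ldap.authentication.LdapAuthenticator;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+import org.synyx.urlaubsverwaltung.core.person.PersonService;
+import org.synyx.urlaubsverwaltung.security.PersonContextMapper;
+import org.synyx.urlaubsverwaltung.security.SimpleAuthenticationProvider;
+
+@Configuration
+@ConditionalOnProperty(name = "auth", havingValue = "activeDirectory")
+public class ActiveDirectoryAuthConfiguration {
+
+@Bean
+public AuthenticationProvider activeDirectoryAuthenticationProvider(Environment environment, PersonContextMapper personContextMapper) {
+String domain = environment.getProperty("uv.security.activeDirectory.domain");
+String url = environment.getProperty("uv.security.activeDirectory.url");
+ActiveDirectoryLdapAuthenticationProvider authenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(domain, url);
+authenticationProvider.setUserDetailsContextMapper(personContextMapper);
+return authenticationProvider;
+}
+
+}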
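Review bot: Nothing in `activeDirectoryAuthenticationProvider` constrains the scheme of `uv.security.activeDirectory.url`, yet users' passwords are sent to that URL in the bind, so an `ldap://` value would carry them over an unencrypted connection. I would state the requirement where the property is read and reject or at least warn on anything else, for example `Assert.isTrue(url != null && url.startsWith("ldaps://"), "uv.security.activeDirectory.url must be an ldaps:// URL");` (relax this if StartTLS is configured elsewhere, which is not visible here). The same applies to `uv.security.ldap.url` in LdapAuthConfiguration. Separately, most imports in this file (`LdapContextSource`, `BindAuthenticator`, `PersonService`, `SimpleAuthenticationProvider` and others) are unused and should be dropped.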
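--- a/src/main/java/org/synyx/urlaubsverwaltung/config/DefaultAuthConfiguration.java
+++ b/src/main/java/org/synyx/urlaubsverwaltung/config/DefaultAuthConfiguration.java
@@ -0,0 +1,19 @@
+package org.synyx.urlaubsverwaltung.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.synyx.urlaubsverwaltung.core.person.PersonService;
+import org.synyx.urlaubsverwaltung.security.SimpleAuthenticationProvider;
+
+@Configuration
+@ConditionalOnProperty(name = "auth", havingValue = "default")
+public class DefaultAuthConfiguration {
+
+@Bean
+public AuthenticationProvider defaultAuthenticationProvider(PersonService personService) {
+return new SimpleAuthenticationProvider(personService);
+}
+
+}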
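Review bot: None of the three `@ConditionalOnProperty(name = "auth", ...)` classes in this commit sets `matchIfMissing`, so when `auth` is absent or misspelled no `AuthenticationProvider` from these configurations is registered and the application runs with whatever Spring Boot auto-configures instead, which is not visible here. I would fail at startup on a missing or unknown `auth` value rather than let the authentication mechanism be chosen implicitly. A class-level Javadoc stating which credentials `SimpleAuthenticationProvider` accepts would also help operators decide whether `auth=default` is acceptable outside development.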
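--- a/src/main/java/org/synyx/urlaubsverwaltung/config/LdapAuthConfiguration.java
+++ b/src/main/java/org/synyx/urlaubsverwaltung/config/LdapAuthConfiguration.java
@@ -0,0 +1,68 @@
+package org.synyx.urlaubsverwaltung.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+import org.springframework.ldap.core.support.LdapContextSource;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.ldap.authentication.BindAuthenticator;
+import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
+import org.springframework.security.ldap.authentication.LdapAuthenticator;
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+import org.synyx.urlaubsverwaltung.core.person.PersonService;
+import org.synyx.urlaubsverwaltung.security.PersonContextMapper;
+import org.synyx.urlaubsverwaltung.security.SimpleAuthenticationProvider;
+
+@Configuration
+@ConditionalOnProperty(name = "auth", havingValue = "ldap")
+public class LdapAuthConfiguration {
+
+@Autowired
+private Environment environment;
+
+@Bean
+public LdapContextSource ldapContextSource() {
+LdapContextSource source = new LdapContextSource();
+source.setUserDn(environment.getProperty("uv.security.ldap.managerDn"));
+source.setPassword(environment.getProperty("uv.security.ldap.managerPassword"));
+source.setBase(environment.getProperty("uv.security.ldap.base"));
+source.setUrl(environment.getProperty("uv.security.ldap.url"));
+return source;
+}
+
+@Bean
+public LdapAuthoritiesPopulator authoritiesPopulator() {
+return new DefaultLdapAuthoritiesPopulator(ldapContextSource(), null);
+}
+
+@Bean
+public FilterBasedLdapUserSearch ldapUserSearch() {
+
+String searchBase = environment.getProperty("uv.security.ldap.userSearchBase");
+String searchFilter = environment.getProperty("uv.security.ldap.userSearchFilter");
+
+return new FilterBasedLdapUserSearch(searchBase, searchFilter, ldapContextSource());
+}
+
+@Bean
+public LdapAuthenticator authenticator() {
+BindAuthenticator authenticator = new BindAuthenticator(ldapContextSource());
+authenticator.setUserSearch(ldapUserSearch());
+return authenticator;
+}
+
+@Bean
+public AuthenticationProvider ldapAuthenticationProvider(PersonContextMapper personContextMapper) {
+
+LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(authenticator(), authoritiesPopulator());
+ldapAuthenticationProvider.setUserDetailsContextMapper(personContextMapper);
+
+return ldapAuthenticationProvider;
+}
+
+}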
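Review bot: `new DefaultLdapAuthoritiesPopulator(ldapContextSource(), null)` in `authoritiesPopulator()` passes a null group search base with no explanation; as far as I know that disables the group search, so the `USER`/`OFFICE`/`BOSS` authorities checked in WebSecurityConfig would have to come from `PersonContextMapper`. If that is the intent, say so next to the call, e.g. `// no LDAP group search: authorities are assigned by PersonContextMapper`. In `ldapContextSource()` the manager DN and password are passed through unchecked; if they are unset the user search presumably runs over an anonymous bind, which should be an explicit, documented decision rather than a side effect of a missing property. The class also mixes a field-injected `Environment` with parameter injection in the sibling configuration; constructor or parameter injection throughout would be more consistent, and the unused imports can go.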
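--- a/src/main/java/org/synyx/urlaubsverwaltung/config/WebSecurityConfig.java
+++ b/src/main/java/org/synyx/urlaubsverwaltung/config/WebSecurityConfig.java
@@ -0,0 +1,54 @@
+package org.synyx.urlaubsverwaltung.config;
+
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
+import org.springframework.boot.actuate.health.HealthEndpoint;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+@Override
+protected void configure(HttpSecurity http) throws Exception {
+
+http
+.csrf()
+.disable()
+.authorizeRequests()
+// TODO move to common url static or resources
+.antMatchers("/css/**").permitAll()
+.antMatchers("/fonts/**").permitAll()
+.antMatchers("/images/**").permitAll()
+.antMatchers("/lib/**").permitAll()
+// API
+.antMatchers("/api/sicknotes/**").hasAuthority("OFFICE")
+.antMatchers("/api/**").authenticated()
+// WEB
+.antMatchers("/web/overview").hasAuthority("USER")
+.antMatchers("/web/application/**").hasAuthority("USER")
+.antMatchers("/web/sicknote/**").hasAuthority("USER")
+.antMatchers("/web/staff/**").hasAuthority("USER")
+.antMatchers("/web/overtime/**").hasAuthority("USER")
+.antMatchers("/web/department/**").hasAnyAuthority("BOSS", "OFFICE")
+.antMatchers("/web/settings/**").hasAuthority("OFFICE")
+.antMatchers("/web/google-api-handshake/**").hasAuthority("OFFICE")
+.requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll()
+// TODO muss konfigurierbar werden!
+.requestMatchers(EndpointRequest.toAnyEndpoint()).hasAuthority("ADMIN")
+.anyRequest()
+.authenticated()
+.and()
+.formLogin()
+.loginPage("/login").permitAll()
+.defaultSuccessUrl("/web/overview")
+.failureUrl("/login?login_error=1")
+.and()
+.logout()
+.logoutUrl("/logout")
+.logoutSuccessUrl("/login");
+}
+
+}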
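Review bot: `.csrf().disable()` at the top of `configure` turns CSRF protection off for the whole application, including the session-based form login and the `/web/**` pages configured right below it. Unless every state-changing request is protected some other way, I would keep the default and exempt only what must be exempt, e.g. `.csrf().ignoringAntMatchers("/api/**")` if the API is called without a browser session (not visible here). The `/web/**` rules are a list of known paths, so any new path under `/web/` only gets `anyRequest().authenticated()` with no authority check; a catch-all such as `.antMatchers("/web/**").hasAuthority("USER")` after the specific rules, or a comment stating that this is intended, would make the default explicit.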