Small improvement for nested security config (#821)

Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
This commit is contained in:
Dominic Schabel
2019-04-17 10:56:04 +02:00
committed by GitHub
parent 191d64cbbc
commit 44e753a08b

View File

@@ -87,7 +87,6 @@ import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.util.StringUtils;
import org.vaadin.spring.security.VaadinSecurityContext;
import org.vaadin.spring.security.annotation.EnableVaadinSecurity;
import org.vaadin.spring.security.web.VaadinDefaultRedirectStrategy;
import org.vaadin.spring.security.web.VaadinRedirectStrategy;
import org.vaadin.spring.security.web.authentication.VaadinAuthenticationSuccessHandler;
import org.vaadin.spring.security.web.authentication.VaadinUrlAuthenticationSuccessHandler;
@@ -179,9 +178,9 @@ public class SecurityManagedConfiguration {
*/
@Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
public FilterRegistrationBean dosDDiFilter(final HawkbitSecurityProperties securityProperties) {
public FilterRegistrationBean<DosFilter> dosDDiFilter(final HawkbitSecurityProperties securityProperties) {
final FilterRegistrationBean filterRegBean = dosFilter(Arrays.asList(DDI_ANT_MATCHERS),
final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(Arrays.asList(DDI_ANT_MATCHERS),
securityProperties.getDos().getFilter(), securityProperties.getClients());
filterRegBean.setOrder(DOS_FILTER_ORDER);
filterRegBean.setName("dosDDiFilter");
@@ -295,9 +294,9 @@ public class SecurityManagedConfiguration {
*/
@Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
public FilterRegistrationBean dosDDiDlFilter(final HawkbitSecurityProperties securityProperties) {
public FilterRegistrationBean<DosFilter> dosDDiDlFilter(final HawkbitSecurityProperties securityProperties) {
final FilterRegistrationBean filterRegBean = dosFilter(Arrays.asList(DDI_DL_ANT_MATCHER),
final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(Arrays.asList(DDI_DL_ANT_MATCHER),
securityProperties.getDos().getFilter(), securityProperties.getClients());
filterRegBean.setOrder(DOS_FILTER_ORDER);
filterRegBean.setName("dosDDiDlFilter");
@@ -385,9 +384,9 @@ public class SecurityManagedConfiguration {
*/
@Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
public FilterRegistrationBean dosSystemFilter(final HawkbitSecurityProperties securityProperties) {
public FilterRegistrationBean<DosFilter> dosSystemFilter(final HawkbitSecurityProperties securityProperties) {
final FilterRegistrationBean filterRegBean = dosFilter(Collections.emptyList(),
final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(Collections.emptyList(),
securityProperties.getDos().getFilter(), securityProperties.getClients());
filterRegBean.setUrlPatterns(Arrays.asList("/system/*"));
filterRegBean.setOrder(DOS_FILTER_ORDER);
@@ -396,11 +395,11 @@ public class SecurityManagedConfiguration {
return filterRegBean;
}
private static FilterRegistrationBean dosFilter(final Collection<String> includeAntPaths,
private static FilterRegistrationBean<DosFilter> dosFilter(final Collection<String> includeAntPaths,
final HawkbitSecurityProperties.Dos.Filter filterProperties,
final HawkbitSecurityProperties.Clients clientProperties) {
final FilterRegistrationBean filterRegBean = new FilterRegistrationBean();
final FilterRegistrationBean<DosFilter> filterRegBean = new FilterRegistrationBean<>();
filterRegBean.setFilter(new DosFilter(includeAntPaths, filterProperties.getMaxRead(),
filterProperties.getMaxWrite(), filterProperties.getWhitelist(), clientProperties.getBlacklist(),
@@ -479,10 +478,10 @@ public class SecurityManagedConfiguration {
*/
@Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
public FilterRegistrationBean dosMgmtFilter(final HawkbitSecurityProperties securityProperties) {
public FilterRegistrationBean<DosFilter> dosMgmtFilter(final HawkbitSecurityProperties securityProperties) {
final FilterRegistrationBean filterRegBean = dosFilter(null, securityProperties.getDos().getFilter(),
securityProperties.getClients());
final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(null,
securityProperties.getDos().getFilter(), securityProperties.getClients());
filterRegBean.setUrlPatterns(Arrays.asList("/rest/*", "/api/*"));
filterRegBean.setOrder(DOS_FILTER_ORDER);
filterRegBean.setName("dosMgmtFilter");
@@ -545,6 +544,15 @@ public class SecurityManagedConfiguration {
@Autowired
private HawkbitSecurityProperties hawkbitSecurityProperties;
private final VaadinUrlAuthenticationSuccessHandler handler;
public UISecurityConfigurationAdapter(final VaadinRedirectStrategy redirectStrategy) {
handler = new TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler();
handler.setRedirectStrategy(redirectStrategy);
handler.setDefaultTargetUrl("/UI/");
handler.setTargetUrlParameter("r");
}
/**
* Filter to protect the hawkBit management UI against to many requests.
*
@@ -556,10 +564,10 @@ public class SecurityManagedConfiguration {
*/
@Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.ui-filter", name = "enabled", matchIfMissing = true)
public FilterRegistrationBean dosMgmtUiFilter(final HawkbitSecurityProperties securityProperties) {
public FilterRegistrationBean<DosFilter> dosMgmtUiFilter(final HawkbitSecurityProperties securityProperties) {
final FilterRegistrationBean filterRegBean = dosFilter(null, securityProperties.getDos().getUiFilter(),
securityProperties.getClients());
final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(null,
securityProperties.getDos().getUiFilter(), securityProperties.getClients());
// All URLs that can be called anonymous
filterRegBean.setUrlPatterns(Arrays.asList("/UI/login", "/UI/login/*", "/UI/logout", "/UI/logout/*"));
filterRegBean.setOrder(DOS_FILTER_ORDER);
@@ -574,35 +582,20 @@ public class SecurityManagedConfiguration {
*/
@PostConstruct
public void afterPropertiesSet() {
this.vaadinSecurityContext.addAuthenticationSuccessHandler(redirectSaveHandler());
this.vaadinSecurityContext.addAuthenticationSuccessHandler(handler);
}
@Bean(name = "authenticationManager")
@Override
@Bean(name = "authenticationManager")
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/**
* @return The VaadinRedirectStategy
*/
@Bean
public VaadinRedirectStrategy vaadinRedirectStrategy() {
return new VaadinDefaultRedirectStrategy();
}
/**
* @return the vaadin success authentication handler
*/
@Bean
public VaadinAuthenticationSuccessHandler redirectSaveHandler() {
final VaadinUrlAuthenticationSuccessHandler handler = new TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler();
handler.setRedirectStrategy(vaadinRedirectStrategy());
handler.setDefaultTargetUrl("/UI/");
handler.setTargetUrlParameter("r");
return handler;
}