Small improvement for nested security config (#821)
Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
This commit is contained in:
@@ -87,7 +87,6 @@ import org.springframework.security.web.session.SessionManagementFilter;
|
|||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
import org.vaadin.spring.security.VaadinSecurityContext;
|
import org.vaadin.spring.security.VaadinSecurityContext;
|
||||||
import org.vaadin.spring.security.annotation.EnableVaadinSecurity;
|
import org.vaadin.spring.security.annotation.EnableVaadinSecurity;
|
||||||
import org.vaadin.spring.security.web.VaadinDefaultRedirectStrategy;
|
|
||||||
import org.vaadin.spring.security.web.VaadinRedirectStrategy;
|
import org.vaadin.spring.security.web.VaadinRedirectStrategy;
|
||||||
import org.vaadin.spring.security.web.authentication.VaadinAuthenticationSuccessHandler;
|
import org.vaadin.spring.security.web.authentication.VaadinAuthenticationSuccessHandler;
|
||||||
import org.vaadin.spring.security.web.authentication.VaadinUrlAuthenticationSuccessHandler;
|
import org.vaadin.spring.security.web.authentication.VaadinUrlAuthenticationSuccessHandler;
|
||||||
@@ -179,9 +178,9 @@ public class SecurityManagedConfiguration {
|
|||||||
*/
|
*/
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
|
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
|
||||||
public FilterRegistrationBean dosDDiFilter(final HawkbitSecurityProperties securityProperties) {
|
public FilterRegistrationBean<DosFilter> dosDDiFilter(final HawkbitSecurityProperties securityProperties) {
|
||||||
|
|
||||||
final FilterRegistrationBean filterRegBean = dosFilter(Arrays.asList(DDI_ANT_MATCHERS),
|
final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(Arrays.asList(DDI_ANT_MATCHERS),
|
||||||
securityProperties.getDos().getFilter(), securityProperties.getClients());
|
securityProperties.getDos().getFilter(), securityProperties.getClients());
|
||||||
filterRegBean.setOrder(DOS_FILTER_ORDER);
|
filterRegBean.setOrder(DOS_FILTER_ORDER);
|
||||||
filterRegBean.setName("dosDDiFilter");
|
filterRegBean.setName("dosDDiFilter");
|
||||||
@@ -295,9 +294,9 @@ public class SecurityManagedConfiguration {
|
|||||||
*/
|
*/
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
|
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
|
||||||
public FilterRegistrationBean dosDDiDlFilter(final HawkbitSecurityProperties securityProperties) {
|
public FilterRegistrationBean<DosFilter> dosDDiDlFilter(final HawkbitSecurityProperties securityProperties) {
|
||||||
|
|
||||||
final FilterRegistrationBean filterRegBean = dosFilter(Arrays.asList(DDI_DL_ANT_MATCHER),
|
final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(Arrays.asList(DDI_DL_ANT_MATCHER),
|
||||||
securityProperties.getDos().getFilter(), securityProperties.getClients());
|
securityProperties.getDos().getFilter(), securityProperties.getClients());
|
||||||
filterRegBean.setOrder(DOS_FILTER_ORDER);
|
filterRegBean.setOrder(DOS_FILTER_ORDER);
|
||||||
filterRegBean.setName("dosDDiDlFilter");
|
filterRegBean.setName("dosDDiDlFilter");
|
||||||
@@ -385,9 +384,9 @@ public class SecurityManagedConfiguration {
|
|||||||
*/
|
*/
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
|
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
|
||||||
public FilterRegistrationBean dosSystemFilter(final HawkbitSecurityProperties securityProperties) {
|
public FilterRegistrationBean<DosFilter> dosSystemFilter(final HawkbitSecurityProperties securityProperties) {
|
||||||
|
|
||||||
final FilterRegistrationBean filterRegBean = dosFilter(Collections.emptyList(),
|
final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(Collections.emptyList(),
|
||||||
securityProperties.getDos().getFilter(), securityProperties.getClients());
|
securityProperties.getDos().getFilter(), securityProperties.getClients());
|
||||||
filterRegBean.setUrlPatterns(Arrays.asList("/system/*"));
|
filterRegBean.setUrlPatterns(Arrays.asList("/system/*"));
|
||||||
filterRegBean.setOrder(DOS_FILTER_ORDER);
|
filterRegBean.setOrder(DOS_FILTER_ORDER);
|
||||||
@@ -396,11 +395,11 @@ public class SecurityManagedConfiguration {
|
|||||||
return filterRegBean;
|
return filterRegBean;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static FilterRegistrationBean dosFilter(final Collection<String> includeAntPaths,
|
private static FilterRegistrationBean<DosFilter> dosFilter(final Collection<String> includeAntPaths,
|
||||||
final HawkbitSecurityProperties.Dos.Filter filterProperties,
|
final HawkbitSecurityProperties.Dos.Filter filterProperties,
|
||||||
final HawkbitSecurityProperties.Clients clientProperties) {
|
final HawkbitSecurityProperties.Clients clientProperties) {
|
||||||
|
|
||||||
final FilterRegistrationBean filterRegBean = new FilterRegistrationBean();
|
final FilterRegistrationBean<DosFilter> filterRegBean = new FilterRegistrationBean<>();
|
||||||
|
|
||||||
filterRegBean.setFilter(new DosFilter(includeAntPaths, filterProperties.getMaxRead(),
|
filterRegBean.setFilter(new DosFilter(includeAntPaths, filterProperties.getMaxRead(),
|
||||||
filterProperties.getMaxWrite(), filterProperties.getWhitelist(), clientProperties.getBlacklist(),
|
filterProperties.getMaxWrite(), filterProperties.getWhitelist(), clientProperties.getBlacklist(),
|
||||||
@@ -479,10 +478,10 @@ public class SecurityManagedConfiguration {
|
|||||||
*/
|
*/
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
|
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
|
||||||
public FilterRegistrationBean dosMgmtFilter(final HawkbitSecurityProperties securityProperties) {
|
public FilterRegistrationBean<DosFilter> dosMgmtFilter(final HawkbitSecurityProperties securityProperties) {
|
||||||
|
|
||||||
final FilterRegistrationBean filterRegBean = dosFilter(null, securityProperties.getDos().getFilter(),
|
final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(null,
|
||||||
securityProperties.getClients());
|
securityProperties.getDos().getFilter(), securityProperties.getClients());
|
||||||
filterRegBean.setUrlPatterns(Arrays.asList("/rest/*", "/api/*"));
|
filterRegBean.setUrlPatterns(Arrays.asList("/rest/*", "/api/*"));
|
||||||
filterRegBean.setOrder(DOS_FILTER_ORDER);
|
filterRegBean.setOrder(DOS_FILTER_ORDER);
|
||||||
filterRegBean.setName("dosMgmtFilter");
|
filterRegBean.setName("dosMgmtFilter");
|
||||||
@@ -545,6 +544,15 @@ public class SecurityManagedConfiguration {
|
|||||||
@Autowired
|
@Autowired
|
||||||
private HawkbitSecurityProperties hawkbitSecurityProperties;
|
private HawkbitSecurityProperties hawkbitSecurityProperties;
|
||||||
|
|
||||||
|
private final VaadinUrlAuthenticationSuccessHandler handler;
|
||||||
|
|
||||||
|
public UISecurityConfigurationAdapter(final VaadinRedirectStrategy redirectStrategy) {
|
||||||
|
handler = new TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler();
|
||||||
|
handler.setRedirectStrategy(redirectStrategy);
|
||||||
|
handler.setDefaultTargetUrl("/UI/");
|
||||||
|
handler.setTargetUrlParameter("r");
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filter to protect the hawkBit management UI against to many requests.
|
* Filter to protect the hawkBit management UI against to many requests.
|
||||||
*
|
*
|
||||||
@@ -556,10 +564,10 @@ public class SecurityManagedConfiguration {
|
|||||||
*/
|
*/
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.ui-filter", name = "enabled", matchIfMissing = true)
|
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.ui-filter", name = "enabled", matchIfMissing = true)
|
||||||
public FilterRegistrationBean dosMgmtUiFilter(final HawkbitSecurityProperties securityProperties) {
|
public FilterRegistrationBean<DosFilter> dosMgmtUiFilter(final HawkbitSecurityProperties securityProperties) {
|
||||||
|
|
||||||
final FilterRegistrationBean filterRegBean = dosFilter(null, securityProperties.getDos().getUiFilter(),
|
final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(null,
|
||||||
securityProperties.getClients());
|
securityProperties.getDos().getUiFilter(), securityProperties.getClients());
|
||||||
// All URLs that can be called anonymous
|
// All URLs that can be called anonymous
|
||||||
filterRegBean.setUrlPatterns(Arrays.asList("/UI/login", "/UI/login/*", "/UI/logout", "/UI/logout/*"));
|
filterRegBean.setUrlPatterns(Arrays.asList("/UI/login", "/UI/login/*", "/UI/logout", "/UI/logout/*"));
|
||||||
filterRegBean.setOrder(DOS_FILTER_ORDER);
|
filterRegBean.setOrder(DOS_FILTER_ORDER);
|
||||||
@@ -574,35 +582,20 @@ public class SecurityManagedConfiguration {
|
|||||||
*/
|
*/
|
||||||
@PostConstruct
|
@PostConstruct
|
||||||
public void afterPropertiesSet() {
|
public void afterPropertiesSet() {
|
||||||
this.vaadinSecurityContext.addAuthenticationSuccessHandler(redirectSaveHandler());
|
this.vaadinSecurityContext.addAuthenticationSuccessHandler(handler);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean(name = "authenticationManager")
|
|
||||||
@Override
|
@Override
|
||||||
|
@Bean(name = "authenticationManager")
|
||||||
public AuthenticationManager authenticationManagerBean() throws Exception {
|
public AuthenticationManager authenticationManagerBean() throws Exception {
|
||||||
return super.authenticationManagerBean();
|
return super.authenticationManagerBean();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @return The VaadinRedirectStategy
|
|
||||||
*/
|
|
||||||
@Bean
|
|
||||||
public VaadinRedirectStrategy vaadinRedirectStrategy() {
|
|
||||||
return new VaadinDefaultRedirectStrategy();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the vaadin success authentication handler
|
* @return the vaadin success authentication handler
|
||||||
*/
|
*/
|
||||||
@Bean
|
@Bean
|
||||||
public VaadinAuthenticationSuccessHandler redirectSaveHandler() {
|
public VaadinAuthenticationSuccessHandler redirectSaveHandler() {
|
||||||
|
|
||||||
final VaadinUrlAuthenticationSuccessHandler handler = new TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler();
|
|
||||||
|
|
||||||
handler.setRedirectStrategy(vaadinRedirectStrategy());
|
|
||||||
handler.setDefaultTargetUrl("/UI/");
|
|
||||||
handler.setTargetUrlParameter("r");
|
|
||||||
|
|
||||||
return handler;
|
return handler;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user