Small improvement for nested security config (#821)

Signed-off-by: Dominic Schabel <dominic.schabel@bosch-si.com>
This commit is contained in:
Dominic Schabel
2019-04-17 10:56:04 +02:00
committed by GitHub
parent 191d64cbbc
commit 44e753a08b

View File

@@ -87,7 +87,6 @@ import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.vaadin.spring.security.VaadinSecurityContext; import org.vaadin.spring.security.VaadinSecurityContext;
import org.vaadin.spring.security.annotation.EnableVaadinSecurity; import org.vaadin.spring.security.annotation.EnableVaadinSecurity;
import org.vaadin.spring.security.web.VaadinDefaultRedirectStrategy;
import org.vaadin.spring.security.web.VaadinRedirectStrategy; import org.vaadin.spring.security.web.VaadinRedirectStrategy;
import org.vaadin.spring.security.web.authentication.VaadinAuthenticationSuccessHandler; import org.vaadin.spring.security.web.authentication.VaadinAuthenticationSuccessHandler;
import org.vaadin.spring.security.web.authentication.VaadinUrlAuthenticationSuccessHandler; import org.vaadin.spring.security.web.authentication.VaadinUrlAuthenticationSuccessHandler;
@@ -179,9 +178,9 @@ public class SecurityManagedConfiguration {
*/ */
@Bean @Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true) @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
public FilterRegistrationBean dosDDiFilter(final HawkbitSecurityProperties securityProperties) { public FilterRegistrationBean<DosFilter> dosDDiFilter(final HawkbitSecurityProperties securityProperties) {
final FilterRegistrationBean filterRegBean = dosFilter(Arrays.asList(DDI_ANT_MATCHERS), final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(Arrays.asList(DDI_ANT_MATCHERS),
securityProperties.getDos().getFilter(), securityProperties.getClients()); securityProperties.getDos().getFilter(), securityProperties.getClients());
filterRegBean.setOrder(DOS_FILTER_ORDER); filterRegBean.setOrder(DOS_FILTER_ORDER);
filterRegBean.setName("dosDDiFilter"); filterRegBean.setName("dosDDiFilter");
@@ -295,9 +294,9 @@ public class SecurityManagedConfiguration {
*/ */
@Bean @Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true) @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
public FilterRegistrationBean dosDDiDlFilter(final HawkbitSecurityProperties securityProperties) { public FilterRegistrationBean<DosFilter> dosDDiDlFilter(final HawkbitSecurityProperties securityProperties) {
final FilterRegistrationBean filterRegBean = dosFilter(Arrays.asList(DDI_DL_ANT_MATCHER), final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(Arrays.asList(DDI_DL_ANT_MATCHER),
securityProperties.getDos().getFilter(), securityProperties.getClients()); securityProperties.getDos().getFilter(), securityProperties.getClients());
filterRegBean.setOrder(DOS_FILTER_ORDER); filterRegBean.setOrder(DOS_FILTER_ORDER);
filterRegBean.setName("dosDDiDlFilter"); filterRegBean.setName("dosDDiDlFilter");
@@ -385,9 +384,9 @@ public class SecurityManagedConfiguration {
*/ */
@Bean @Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true) @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
public FilterRegistrationBean dosSystemFilter(final HawkbitSecurityProperties securityProperties) { public FilterRegistrationBean<DosFilter> dosSystemFilter(final HawkbitSecurityProperties securityProperties) {
final FilterRegistrationBean filterRegBean = dosFilter(Collections.emptyList(), final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(Collections.emptyList(),
securityProperties.getDos().getFilter(), securityProperties.getClients()); securityProperties.getDos().getFilter(), securityProperties.getClients());
filterRegBean.setUrlPatterns(Arrays.asList("/system/*")); filterRegBean.setUrlPatterns(Arrays.asList("/system/*"));
filterRegBean.setOrder(DOS_FILTER_ORDER); filterRegBean.setOrder(DOS_FILTER_ORDER);
@@ -396,11 +395,11 @@ public class SecurityManagedConfiguration {
return filterRegBean; return filterRegBean;
} }
private static FilterRegistrationBean dosFilter(final Collection<String> includeAntPaths, private static FilterRegistrationBean<DosFilter> dosFilter(final Collection<String> includeAntPaths,
final HawkbitSecurityProperties.Dos.Filter filterProperties, final HawkbitSecurityProperties.Dos.Filter filterProperties,
final HawkbitSecurityProperties.Clients clientProperties) { final HawkbitSecurityProperties.Clients clientProperties) {
final FilterRegistrationBean filterRegBean = new FilterRegistrationBean(); final FilterRegistrationBean<DosFilter> filterRegBean = new FilterRegistrationBean<>();
filterRegBean.setFilter(new DosFilter(includeAntPaths, filterProperties.getMaxRead(), filterRegBean.setFilter(new DosFilter(includeAntPaths, filterProperties.getMaxRead(),
filterProperties.getMaxWrite(), filterProperties.getWhitelist(), clientProperties.getBlacklist(), filterProperties.getMaxWrite(), filterProperties.getWhitelist(), clientProperties.getBlacklist(),
@@ -479,10 +478,10 @@ public class SecurityManagedConfiguration {
*/ */
@Bean @Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true) @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.filter", name = "enabled", matchIfMissing = true)
public FilterRegistrationBean dosMgmtFilter(final HawkbitSecurityProperties securityProperties) { public FilterRegistrationBean<DosFilter> dosMgmtFilter(final HawkbitSecurityProperties securityProperties) {
final FilterRegistrationBean filterRegBean = dosFilter(null, securityProperties.getDos().getFilter(), final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(null,
securityProperties.getClients()); securityProperties.getDos().getFilter(), securityProperties.getClients());
filterRegBean.setUrlPatterns(Arrays.asList("/rest/*", "/api/*")); filterRegBean.setUrlPatterns(Arrays.asList("/rest/*", "/api/*"));
filterRegBean.setOrder(DOS_FILTER_ORDER); filterRegBean.setOrder(DOS_FILTER_ORDER);
filterRegBean.setName("dosMgmtFilter"); filterRegBean.setName("dosMgmtFilter");
@@ -545,6 +544,15 @@ public class SecurityManagedConfiguration {
@Autowired @Autowired
private HawkbitSecurityProperties hawkbitSecurityProperties; private HawkbitSecurityProperties hawkbitSecurityProperties;
private final VaadinUrlAuthenticationSuccessHandler handler;
public UISecurityConfigurationAdapter(final VaadinRedirectStrategy redirectStrategy) {
handler = new TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler();
handler.setRedirectStrategy(redirectStrategy);
handler.setDefaultTargetUrl("/UI/");
handler.setTargetUrlParameter("r");
}
/** /**
* Filter to protect the hawkBit management UI against to many requests. * Filter to protect the hawkBit management UI against to many requests.
* *
@@ -556,10 +564,10 @@ public class SecurityManagedConfiguration {
*/ */
@Bean @Bean
@ConditionalOnProperty(prefix = "hawkbit.server.security.dos.ui-filter", name = "enabled", matchIfMissing = true) @ConditionalOnProperty(prefix = "hawkbit.server.security.dos.ui-filter", name = "enabled", matchIfMissing = true)
public FilterRegistrationBean dosMgmtUiFilter(final HawkbitSecurityProperties securityProperties) { public FilterRegistrationBean<DosFilter> dosMgmtUiFilter(final HawkbitSecurityProperties securityProperties) {
final FilterRegistrationBean filterRegBean = dosFilter(null, securityProperties.getDos().getUiFilter(), final FilterRegistrationBean<DosFilter> filterRegBean = dosFilter(null,
securityProperties.getClients()); securityProperties.getDos().getUiFilter(), securityProperties.getClients());
// All URLs that can be called anonymous // All URLs that can be called anonymous
filterRegBean.setUrlPatterns(Arrays.asList("/UI/login", "/UI/login/*", "/UI/logout", "/UI/logout/*")); filterRegBean.setUrlPatterns(Arrays.asList("/UI/login", "/UI/login/*", "/UI/logout", "/UI/logout/*"));
filterRegBean.setOrder(DOS_FILTER_ORDER); filterRegBean.setOrder(DOS_FILTER_ORDER);
@@ -574,35 +582,20 @@ public class SecurityManagedConfiguration {
*/ */
@PostConstruct @PostConstruct
public void afterPropertiesSet() { public void afterPropertiesSet() {
this.vaadinSecurityContext.addAuthenticationSuccessHandler(redirectSaveHandler()); this.vaadinSecurityContext.addAuthenticationSuccessHandler(handler);
} }
@Bean(name = "authenticationManager")
@Override @Override
@Bean(name = "authenticationManager")
public AuthenticationManager authenticationManagerBean() throws Exception { public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean(); return super.authenticationManagerBean();
} }
/**
* @return The VaadinRedirectStategy
*/
@Bean
public VaadinRedirectStrategy vaadinRedirectStrategy() {
return new VaadinDefaultRedirectStrategy();
}
/** /**
* @return the vaadin success authentication handler * @return the vaadin success authentication handler
*/ */
@Bean @Bean
public VaadinAuthenticationSuccessHandler redirectSaveHandler() { public VaadinAuthenticationSuccessHandler redirectSaveHandler() {
final VaadinUrlAuthenticationSuccessHandler handler = new TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler();
handler.setRedirectStrategy(vaadinRedirectStrategy());
handler.setDefaultTargetUrl("/UI/");
handler.setTargetUrlParameter("r");
return handler; return handler;
} }