Merge pull request #221 from bsinno/feature_security_adaptions

Feature security adaptions
This commit is contained in:
Michael Hirsch
2016-06-23 10:06:25 +02:00
committed by GitHub
3 changed files with 9 additions and 20 deletions

View File

@@ -271,20 +271,6 @@ public class SecurityManagedConfiguration {
return filterRegBean; return filterRegBean;
} }
/**
* Security configuration for the REST management API of the health url.
*/
@Configuration
@Order(310)
public static class HealthSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.regexMatcher("/system/health").csrf().disable().httpBasic().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
}
/** /**
* Security configuration for the REST management API. * Security configuration for the REST management API.
*/ */
@@ -310,7 +296,7 @@ public class SecurityManagedConfiguration {
final BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint(); final BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
basicAuthEntryPoint.setRealmName(springSecurityProperties.getBasic().getRealm()); basicAuthEntryPoint.setRealmName(springSecurityProperties.getBasic().getRealm());
HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system.*").csrf().disable(); HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();
if (springSecurityProperties.isRequireSsl()) { if (springSecurityProperties.isRequireSsl()) {
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and(); httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
} }
@@ -337,9 +323,7 @@ public class SecurityManagedConfiguration {
SessionManagementFilter.class) SessionManagementFilter.class)
.authorizeRequests().anyRequest().authenticated() .authorizeRequests().anyRequest().authenticated()
.antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**") .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN) .hasAnyAuthority(SpPermission.SYSTEM_ADMIN);
.antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/**")
.hasAnyAuthority(SpPermission.SYSTEM_DIAG);
httpSec.httpBasic().and().exceptionHandling().authenticationEntryPoint(basicAuthEntryPoint); httpSec.httpBasic().and().exceptionHandling().authenticationEntryPoint(basicAuthEntryPoint);
} }

View File

@@ -36,6 +36,9 @@ public final class PermissionUtils {
for (final String role : roles) { for (final String role : roles) {
authorities.add(new SimpleGrantedAuthority(role)); authorities.add(new SimpleGrantedAuthority(role));
// add spring security ROLE authority which is indicated by the
// `ROLE_` prefix
authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
} }
return authorities; return authorities;

View File

@@ -36,7 +36,8 @@ public final class PermissionTest {
final Collection<String> allAuthorities = SpPermission.getAllAuthorities(); final Collection<String> allAuthorities = SpPermission.getAllAuthorities();
final List<GrantedAuthority> allAuthoritiesList = PermissionUtils.createAllAuthorityList(); final List<GrantedAuthority> allAuthoritiesList = PermissionUtils.createAllAuthorityList();
assertThat(allAuthorities).hasSize(allPermission); assertThat(allAuthorities).hasSize(allPermission);
assertThat(allAuthoritiesList).hasSize(allPermission); // times 2 because we add also all authorities as prefix 'ROLE_';
assertThat(allAuthoritiesList).hasSize(allPermission * 2);
assertThat(allAuthoritiesList.stream().map(authority -> authority.getAuthority()).collect(Collectors.toList())) assertThat(allAuthoritiesList.stream().map(authority -> authority.getAuthority()).collect(Collectors.toList()))
.containsAll(allAuthorities); .containsAll(allAuthorities);
@@ -46,7 +47,8 @@ public final class PermissionTest {
.getAllAuthorities(SpPermission.SYSTEM_ADMIN, SpPermission.SYSTEM_DIAG, SpPermission.SYSTEM_MONITOR)); .getAllAuthorities(SpPermission.SYSTEM_ADMIN, SpPermission.SYSTEM_DIAG, SpPermission.SYSTEM_MONITOR));
assertThat(authoritiesWithoutSystem).hasSize(permissionWithoutSystem); assertThat(authoritiesWithoutSystem).hasSize(permissionWithoutSystem);
assertThat(authoritiesListWithoutSystem).hasSize(permissionWithoutSystem); // times 2 because we add also all authorities as prefix 'ROLE_';
assertThat(authoritiesListWithoutSystem).hasSize(permissionWithoutSystem * 2);
assertThat(authoritiesListWithoutSystem.stream().map(authority -> authority.getAuthority()) assertThat(authoritiesListWithoutSystem.stream().map(authority -> authority.getAuthority())
.collect(Collectors.toList())).containsAll(authoritiesWithoutSystem); .collect(Collectors.toList())).containsAll(authoritiesWithoutSystem);