Fix Sonar Findings (#2679)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
@@ -9,19 +9,22 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.ui.simple.security;
|
||||
|
||||
import com.vaadin.flow.spring.security.VaadinWebSecurity;
|
||||
import com.vaadin.flow.spring.security.VaadinAwareSecurityContextHolderStrategyConfiguration;
|
||||
import com.vaadin.flow.spring.security.VaadinSecurityConfigurer;
|
||||
import org.eclipse.hawkbit.ui.simple.view.LoginView;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
|
||||
import java.net.URLEncoder;
|
||||
@@ -30,7 +33,8 @@ import java.nio.charset.StandardCharsets;
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
@EnableConfigurationProperties(OidcClientProperties.class)
|
||||
public class SecurityConfiguration extends VaadinWebSecurity {
|
||||
@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
|
||||
public class SecurityConfiguration {
|
||||
|
||||
private Customizer<OAuth2LoginConfigurer<HttpSecurity>> oAuth2LoginConfigurerCustomizer;
|
||||
|
||||
@@ -47,26 +51,25 @@ public class SecurityConfiguration extends VaadinWebSecurity {
|
||||
|
||||
@Bean
|
||||
public AuthenticationFailureHandler customFailureHandler() {
|
||||
return (request, response, exception) -> {
|
||||
// Redirect back to login with your message
|
||||
// Redirect back to login with your message
|
||||
return (request, response, exception) ->
|
||||
response.sendRedirect("/login?error=" + URLEncoder.encode(exception.getMessage(), StandardCharsets.UTF_8));
|
||||
};
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(final HttpSecurity http) throws Exception {
|
||||
@Bean
|
||||
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeHttpRequests(authorize -> authorize.requestMatchers("/images/*.png").permitAll());
|
||||
|
||||
super.configure(http);
|
||||
|
||||
if (oAuth2LoginConfigurerCustomizer != null) {
|
||||
http.oauth2Login(oAuth2LoginConfigurerCustomizer);
|
||||
} else {
|
||||
http.formLogin(form -> form
|
||||
.loginPage("/login")
|
||||
.failureHandler(customFailureHandler())
|
||||
);
|
||||
setLoginView(http, LoginView.class);
|
||||
.failureHandler(customFailureHandler()));
|
||||
}
|
||||
return http.with(VaadinSecurityConfigurer.vaadin(), configurer -> {
|
||||
if (oAuth2LoginConfigurerCustomizer == null) {
|
||||
configurer.loginView(LoginView.class);
|
||||
}
|
||||
}).build();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user