You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2022/01/27 14:01:38 UTC
[syncope] 03/03: [SYNCOPE-1660] Using SyncopeAuthenticationDetailsSource with AnonymousAuthenticationFilter
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 5938894368c255600175de0b66e5f139605bb774
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Thu Jan 27 14:58:39 2022 +0100
[SYNCOPE-1660] Using SyncopeAuthenticationDetailsSource with AnonymousAuthenticationFilter
---
.../SyncopeAnonymousAuthenticationFilter.java | 29 ++++++++++++++++++++++
core/spring/src/main/resources/securityContext.xml | 14 +++++++++--
2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeAnonymousAuthenticationFilter.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeAnonymousAuthenticationFilter.java
new file mode 100644
index 0000000..c85e942
--- /dev/null
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeAnonymousAuthenticationFilter.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.spring.security;
+
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+
+public class SyncopeAnonymousAuthenticationFilter extends AnonymousAuthenticationFilter {
+
+ public SyncopeAnonymousAuthenticationFilter(final String key, final String anonymousUser) {
+ super(key, anonymousUser, AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+ }
+}
diff --git a/core/spring/src/main/resources/securityContext.xml b/core/spring/src/main/resources/securityContext.xml
index bec0d12..5f7490b 100644
--- a/core/spring/src/main/resources/securityContext.xml
+++ b/core/spring/src/main/resources/securityContext.xml
@@ -96,6 +96,15 @@ under the License.
<property name="realmName" value="Apache Syncope authentication"/>
</bean>
+ <bean id="anonymousAuthenticationFilter" class="org.apache.syncope.core.spring.security.SyncopeAnonymousAuthenticationFilter">
+ <constructor-arg value="doesNotMatter"/>
+ <constructor-arg value="${anonymousUser}"/>
+ <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
+ </bean>
+ <bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
+ <constructor-arg value="doesNotMatter"/>
+ </bean>
+
<bean id="jwtAuthenticationFilter" class="org.apache.syncope.core.spring.security.JWTAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint"/>
@@ -112,12 +121,13 @@ under the License.
use-expressions="false" disable-url-rewriting="false"
pattern="/**">
- <security:anonymous username="${anonymousUser}"/>
+ <security:anonymous enabled="false"/>
+ <security:custom-filter ref="anonymousAuthenticationFilter" position="ANONYMOUS_FILTER"/>
<security:custom-filter ref="jwtAuthenticationFilter" before="BASIC_AUTH_FILTER"/>
<security:http-basic authentication-details-source-ref="authenticationDetailsSource"/>
- <security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="mustChangePasswordFilter"/>
+ <security:custom-filter ref="mustChangePasswordFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
<security:access-denied-handler ref="syncopeAccessDeniedHandler"/>