You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2022/01/27 14:01:38 UTC

[syncope] 03/03: [SYNCOPE-1660] Using SyncopeAuthenticationDetailsSource with AnonymousAuthenticationFilter

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git

commit 5938894368c255600175de0b66e5f139605bb774
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Thu Jan 27 14:58:39 2022 +0100

    [SYNCOPE-1660] Using SyncopeAuthenticationDetailsSource with AnonymousAuthenticationFilter
---
 .../SyncopeAnonymousAuthenticationFilter.java      | 29 ++++++++++++++++++++++
 core/spring/src/main/resources/securityContext.xml | 14 +++++++++--
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeAnonymousAuthenticationFilter.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeAnonymousAuthenticationFilter.java
new file mode 100644
index 0000000..c85e942
--- /dev/null
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeAnonymousAuthenticationFilter.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.spring.security;
+
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+
+public class SyncopeAnonymousAuthenticationFilter extends AnonymousAuthenticationFilter {
+
+    public SyncopeAnonymousAuthenticationFilter(final String key, final String anonymousUser) {
+        super(key, anonymousUser, AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+    }
+}
diff --git a/core/spring/src/main/resources/securityContext.xml b/core/spring/src/main/resources/securityContext.xml
index bec0d12..5f7490b 100644
--- a/core/spring/src/main/resources/securityContext.xml
+++ b/core/spring/src/main/resources/securityContext.xml
@@ -96,6 +96,15 @@ under the License.
     <property name="realmName" value="Apache Syncope authentication"/>
   </bean>
   
+  <bean id="anonymousAuthenticationFilter" class="org.apache.syncope.core.spring.security.SyncopeAnonymousAuthenticationFilter">
+    <constructor-arg value="doesNotMatter"/>
+    <constructor-arg value="${anonymousUser}"/>
+    <property name="authenticationDetailsSource" ref="authenticationDetailsSource"/>
+  </bean>
+  <bean id="anonymousAuthenticationProvider" class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
+    <constructor-arg value="doesNotMatter"/>
+  </bean>
+
   <bean id="jwtAuthenticationFilter" class="org.apache.syncope.core.spring.security.JWTAuthenticationFilter">
     <property name="authenticationManager" ref="authenticationManager"/>
     <property name="authenticationEntryPoint" ref="basicAuthenticationEntryPoint"/>
@@ -112,12 +121,13 @@ under the License.
                  use-expressions="false" disable-url-rewriting="false"
                  pattern="/**">
 
-    <security:anonymous username="${anonymousUser}"/>
+    <security:anonymous enabled="false"/>
+    <security:custom-filter ref="anonymousAuthenticationFilter" position="ANONYMOUS_FILTER"/>
 
     <security:custom-filter ref="jwtAuthenticationFilter" before="BASIC_AUTH_FILTER"/>
     <security:http-basic authentication-details-source-ref="authenticationDetailsSource"/>
     
-    <security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="mustChangePasswordFilter"/>
+    <security:custom-filter ref="mustChangePasswordFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
     
     <security:access-denied-handler ref="syncopeAccessDeniedHandler"/>